Google Android vulnerabilities

CVE-2025-26463 [MEDIUM] CWE-400 CVE-2025-26463: In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allo In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40664 [MEDIUM] CWE-400 CVE-2024-40664: In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an ena In setupAccessibilityServices of AccessibilityFragment.java , there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26441 [MEDIUM] CWE-125 CVE-2025-26441: In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds chec In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26437 [MEDIUM] CWE-862 CVE-2025-26437: In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retriev In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48560 [MEDIUM] CWE-441 CVE-2025-48560: In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confuse In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26449 [MEDIUM] CWE-400 CVE-2025-26449: In multiple locations, there is a possible permanent denial of service due to resource exhaustion. T In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36908 [MEDIUM] CWE-787 CVE-2025-36908: In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an inco In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22415 [MEDIUM] CWE-266 CVE-2025-22415: In android_app of Android.bp, there is a possible way to launch any activity as a system user. This In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36902 [MEDIUM] CWE-122 CVE-2025-36902: In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-0076 [LOW] CWE-862 CVE-2025-0076: In multiple locations, there is a possible way to view icons belonging to another user due to a miss In multiple locations, there is a possible way to view icons belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26428 [LOW] CWE-290 CVE-2025-26428: In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a log In startLockTaskMode of LockTaskController.java, there is a possible lock screen bypass due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-26419 [LOW] CWE-290 CVE-2025-26419: In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic err In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2025-22435 [CRITICAL] CWE-843 CVE-2025-22435: In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This co In avdt_msg_ind of avdt_msg.cc, there is a possible memory corruption due to type confusion. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26416 [CRITICAL] CWE-122 CVE-2025-26416: In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a he In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22429 [CRITICAL] CWE-693 CVE-2025-22429: In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the In multiple locations, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22416 [HIGH] CWE-441 CVE-2025-22416: In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a c In onCreate of ChooserActivity.java , there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22422 [HIGH] CWE-639 CVE-2025-22422: In multiple locations, there is a possible way to mislead a user into approving an authentication pr In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be used in another due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-49730 [HIGH] CWE-787 CVE-2024-49730: In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead In FuseDaemon.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22442 [HIGH] CWE-362 CVE-2025-22442: In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unautho In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22417 [HIGH] CWE-1021 CVE-2025-22417: In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictio In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.