Google Android vulnerabilities

CVE-2025-47328 [HIGH] CVE-2025-47328: Closed-source component Android Security Bulletin 2025-09-01 CVE: CVE-2025-47328 Severity: HIGH Component: Closed-source component References: A-421905306 *

CVE-2025-21477 [HIGH] CVE-2025-21477: Closed-source component Android Security Bulletin 2025-09-01 CVE: CVE-2025-21477 Severity: HIGH Component: Closed-source component References: A-394100233 *

CVE-2025-21481 [HIGH] CVE-2025-21481: Closed-source component Android Security Bulletin 2025-09-01 CVE: CVE-2025-21481 Severity: HIGH Component: Closed-source component References: A-400450230 *

CVE-2025-27052 [HIGH] CVE-2025-27052: Closed-source component Android Security Bulletin 2025-09-01 CVE: CVE-2025-27052 Severity: HIGH Component: Closed-source component References: A-409039825 *

CVE-2025-46710 [MEDIUM] CVE-2025-46710: PowerVR-GPU Android Security Bulletin 2025-09-01 CVE: CVE-2025-46710 Severity: HIGH Component: PowerVR-GPU References: A-382329905 *

CVE-2025-27032 [HIGH] CVE-2025-27032: Closed-source component Android Security Bulletin 2025-09-01 CVE: CVE-2025-27032 Severity: HIGH Component: Closed-source component References: A-400449519 *

CVE-2025-25179 [HIGH] CVE-2025-25179: PowerVR-GPU Android Security Bulletin 2025-09-01 CVE: CVE-2025-25179 Severity: HIGH Component: PowerVR-GPU References: A-383186226 *

CVE-2025-21484 [HIGH] CVE-2025-21484: Closed-source component Android Security Bulletin 2025-09-01 CVE: CVE-2025-21484 Severity: HIGH Component: Closed-source component References: A-400449949 *

CVE-2025-21464 [MEDIUM] CVE-2025-21464: Closed-source component Android Security Bulletin 2025-09-01 CVE: CVE-2025-21464 Severity: HIGH Component: Closed-source component References: A-394100533 *

CVE-2025-27065 [HIGH] CVE-2025-27065: Closed-source component Android Security Bulletin 2025-09-01 CVE: CVE-2025-27065 Severity: HIGH Component: Closed-source component References: A-415772924 *

CVE-2024-7881 [MEDIUM] CVE-2024-7881: CPU Android Security Bulletin 2025-09-01 CVE: CVE-2024-7881 Severity: HIGH Component: CPU References: A-361573291 *

CVE-2025-20707 [MEDIUM] CWE-416 CVE-2025-20707: In geniezone, there is a possible memory corruption due to use after free. This could lead to local In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924201; Issue ID: MSV-3820.

CVE-2025-22408 [CRITICAL] CWE-416 CVE-2025-22408: In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a us In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22403 [CRITICAL] CWE-416 CVE-2025-22403: In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-0075 [CRITICAL] CWE-416 CVE-2025-0075: In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary co In process_service_search_attr_req of sdp_server.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-0074 [CRITICAL] CWE-416 CVE-2025-0074: In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code d In process_service_attr_rsp of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-22409 [HIGH] CWE-416 CVE-2025-22409: In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a In rfc_send_buf_uih of rfc_ts_frames.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-0093 [HIGH] CWE-732 CVE-2025-0093: In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-21125 [HIGH] CWE-416 CVE-2023-21125: In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use a In btif_hh_hsdata_rpt_copy_cb of bta_hh.cc, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-0084 [HIGH] CWE-416 CVE-2025-0084: In multiple locations, there is a possible out of bounds write due to a use after free. This could l In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.