Google Android vulnerabilities

CVE-2025-20698 [MEDIUM] CWE-787 CVE-2025-20698: In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793.

CVE-2025-20697 [MEDIUM] CWE-787 CVE-2025-20697: In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.

CVE-2025-21479 [HIGH] CVE-2025-21479: Closed-source component Android Security Bulletin 2025-08-01 CVE: CVE-2025-21479 Severity: CRITICAL Component: Closed-source component References: A-415772610 *

CVE-2025-27038 [HIGH] CVE-2025-27038: Display Android Security Bulletin 2025-08-01 CVE: CVE-2025-27038 Severity: HIGH Component: Display References: A-418032173 QC-CR#4080397 *

CVE-2025-0932 [MEDIUM] CVE-2025-0932: Mali Android Security Bulletin 2025-08-01 CVE: CVE-2025-0932 Severity: HIGH Component: Mali References: A-407994187*

CVE-2025-20695 [MEDIUM] CWE-124 CVE-2025-20695: In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to r In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

CVE-2025-20693 [MEDIUM] CWE-125 CVE-2025-20693: In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This co In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

CVE-2025-20694 [MEDIUM] CWE-124 CVE-2025-20694: In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to r In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.

CVE-2025-31710 [HIGH] CWE-77 CVE-2025-31710: In engineermode service, there is a possible command injection due to improper input validation. Thi In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2025-31712 [MEDIUM] CWE-120 CVE-2025-31712: In cplog service, there is a possible out of bounds write due to a missing bounds check. This could In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.

CVE-2025-31711 [MEDIUM] CWE-476 CVE-2025-31711: In cplog service, there is a possible system crash due to null pointer dereference. This could lead In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.

CVE-2024-53019 [HIGH] CVE-2024-53019: Closed-source component Android Security Bulletin 2025-06-01 CVE: CVE-2024-53019 Severity: HIGH Component: Closed-source component References: A-381899100 *

CVE-2025-27029 [HIGH] CVE-2025-27029: Closed-source component Android Security Bulletin 2025-06-01 CVE: CVE-2025-27029 Severity: HIGH Component: Closed-source component References: A-400450166 *

CVE-2024-53026 [HIGH] CVE-2024-53026: Closed-source component Android Security Bulletin 2025-06-01 CVE: CVE-2024-53026 Severity: HIGH Component: Closed-source component References: A-381898142 *

CVE-2025-0478 [HIGH] CVE-2025-0478: PowerVR-GPU Android Security Bulletin 2025-06-01 CVE: CVE-2025-0478 Severity: HIGH Component: PowerVR-GPU References: A-382308394 *

CVE-2024-53021 [HIGH] CVE-2024-53021: Closed-source component Android Security Bulletin 2025-06-01 CVE: CVE-2024-53021 Severity: HIGH Component: Closed-source component References: A-381899144 *

CVE-2025-0468 [HIGH] CVE-2025-0468: PowerVR-GPU Android Security Bulletin 2025-06-01 CVE: CVE-2025-0468 Severity: HIGH Component: PowerVR-GPU References: A-382558918 *

CVE-2024-53010 [HIGH] CVE-2024-53010: Closed-source component Android Security Bulletin 2025-06-01 CVE: CVE-2024-53010 Severity: HIGH Component: Closed-source component References: A-381899437 *

CVE-2025-0073 [HIGH] CVE-2025-0073: Mali Android Security Bulletin 2025-06-01 CVE: CVE-2025-0073 Severity: HIGH Component: Mali References: A-391930942 *

CVE-2024-47893 [MEDIUM] CVE-2024-47893: PowerVR-GPU Android Security Bulletin 2025-06-01 CVE: CVE-2024-47893 Severity: HIGH Component: PowerVR-GPU References: A-388860393 *