Google Android vulnerabilities

CVE-2025-21486 [HIGH] CVE-2025-21486: Kernel Android Security Bulletin 2025-06-01 CVE: CVE-2025-21486 Severity: HIGH Component: Kernel References: A-400449990 QC-CR#3986528

CVE-2024-12576 [MEDIUM] CVE-2024-12576: PowerVR-GPU Android Security Bulletin 2025-06-01 CVE: CVE-2024-12576 Severity: HIGH Component: PowerVR-GPU References: A-384017663 *

CVE-2025-21485 [HIGH] CVE-2025-21485: Kernel Android Security Bulletin 2025-06-01 CVE: CVE-2025-21485 Severity: HIGH Component: Kernel References: A-409047090 QC-CR#3947112

CVE-2025-0835 [HIGH] CVE-2025-0835: PowerVR-GPU Android Security Bulletin 2025-06-01 CVE: CVE-2025-0835 Severity: HIGH Component: PowerVR-GPU References: A-393393236 *

CVE-2025-21424 [HIGH] CVE-2025-21424: Kernel Android Security Bulletin 2025-06-01 CVE: CVE-2025-21424 Severity: HIGH Component: Kernel References: A-406236621 QC-CR#3989614 [2] [3] [4] [5]

CVE-2024-53020 [HIGH] CVE-2024-53020: Closed-source component Android Security Bulletin 2025-06-01 CVE: CVE-2024-53020 Severity: HIGH Component: Closed-source component References: A-381899262 *

CVE-2025-0819 [HIGH] CVE-2025-0819: Mali Android Security Bulletin 2025-06-01 CVE: CVE-2025-0819 Severity: HIGH Component: Mali References: A-402115802 *

CVE-2025-25178 [HIGH] CVE-2025-25178: PowerVR-GPU Android Security Bulletin 2025-06-01 CVE: CVE-2025-25178 Severity: HIGH Component: PowerVR-GPU References: A-395843768 *

CVE-2024-12837 [HIGH] CVE-2024-12837: PowerVR-GPU Android Security Bulletin 2025-06-01 CVE: CVE-2024-12837 Severity: HIGH Component: PowerVR-GPU References: A-382309975 *

CVE-2025-27700 [HIGH] CWE-693 CVE-2025-27700: There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-27701 [MEDIUM] CWE-476 CVE-2025-27701: In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.

CVE-2024-56193 [MEDIUM] CWE-200 CVE-2024-56193: There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could There is a possible disclosure of Bluetooth adapter details due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-20979 [HIGH] CWE-787 CVE-2025-20979: Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary co Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.

CVE-2025-20980 [MEDIUM] CWE-787 CVE-2025-20980: Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corrupt Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.

CVE-2025-20668 [HIGH] CWE-787 CVE-2025-20668: In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to lo In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027.

CVE-2025-20671 [HIGH] CWE-787 CVE-2025-20671: In thermal, there is a possible out of bounds write due to a race condition. This could lead to loca In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228.

CVE-2025-20665 [MEDIUM] CWE-538 CVE-2025-20665: In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could l In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.

CVE-2024-46975 [HIGH] CVE-2024-46975: PowerVR-GPU Android Security Bulletin 2025-05-01 CVE: CVE-2024-46975 Severity: HIGH Component: PowerVR-GPU References: A-385657784 *

CVE-2024-49842 [HIGH] CVE-2024-49842: Closed-source component Android Security Bulletin 2025-05-01 CVE: CVE-2024-49842 Severity: HIGH Component: Closed-source component References: A-377312414 *

CVE-2024-49847 [HIGH] CVE-2024-49847: Closed-source component Android Security Bulletin 2025-05-01 CVE: CVE-2024-49847 Severity: HIGH Component: Closed-source component References: A-377312571 *