Google Android vulnerabilities

6,646 known vulnerabilities affecting google/android.

Total CVEs: 6,646
CISA KEV: 12 (actively exploited)
Public exploits: 45
Exploited in wild: 11
Severity breakdown: CRITICAL 465, HIGH 2777, MEDIUM 3158, LOW 246

Vulnerabilities

Page 4 of 333
CVE-2026-0010 | HIGH | CVSS 8.4 | v14.0, v15.0, +4 more | 2026-03-02
CWE-787: In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48630 | HIGH | CVSS 7.4 | v14.0, v15.0, +5 more | 2026-03-02
CWE-208: In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0031 | HIGH | CVSS 8.4 | Android kernel | 2026-03-02
CWE-190: In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48602 | HIGH | CVSS 8.4 | v14.0, v15.0, +4 more | 2026-03-02
CWE-693: In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48646 | HIGH | CVSS 7.8 | v14.0, v15.0, +5 more | 2026-03-02
CWE-441: In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48578 | HIGH | CVSS 7.8 | v14.0, v15.0, +4 more | 2026-03-02
CWE-862: In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2024-31328 | HIGH | CVSS 8.8 | v14.0, v16.0, +2 more | 2026-03-02
CWE-693: In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48619 | HIGH | CVSS 8.4 | v14.0, v15.0, +4 more | 2026-03-02
CWE-284: In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48613 | HIGH | CVSS 7.8 | Android SoC | 2026-03-02
CWE-269: In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0021 | HIGH | CVSS 8.4 | v14.0, v15.0, +5 more | 2026-03-02
CWE-441: In hasInteractAcrossUsersFullPermission of AppInfoBase.java, there is a possible cross-user permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0026 | HIGH | CVSS 7.8 | v14.0, v14 | 2026-03-02
CWE-862: In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48645 | HIGH | CVSS 7.8 | v14.0, v15.0, +5 more | 2026-03-02
CWE-269: In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2025-48579 | HIGH | CVSS 8.4 | v14.0, v15.0, +4 more | 2026-03-02
CWE-441: In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-20416 | HIGH | CVSS 7.2 | v15.0, v16.0 | 2026-03-02
CWE-787: In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315038 / ALPS10340155; Issue ID: MSV-5155.
Sources: nvd
CVE-2025-48568 | HIGH | CVSS 7.4 | v14.0, v15.0, +2 more | 2026-03-02
CWE-362: In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0011 | HIGH | CVSS 8.4 | v14.0, v15.0, +5 more | 2026-03-02
CWE-693: In enableSystemPackageLPw of Settings.java, there is a possible way to prevent location access from working due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0005 | MEDIUM | CVSS 6.2 | v14.0, v15.0, +4 more | 2026-03-02
CWE-200: In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution priv
Sources: cvelistv5, nvd
CVE-2026-0027 | MEDIUM | CVSS 6.7 | Android kernel | 2026-03-02
CWE-416: In smmu_detach_dev of arm-smmu-v3.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-0012 | MEDIUM | CVSS 6.2 | v14.0, v15.0, +4 more | 2026-03-02
CWE-284: In setHideSensitive of ExpandableNotificationRow.java, there is a possible contact name leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Sources: cvelistv5, nvd
CVE-2026-20425 | MEDIUM | CVSS 6.7 | v14.0, v15.0, +1 more | 2026-03-02
CWE-787: In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539.
Sources: nvd
Google Android vulnerabilities | cvebase