Google Android vulnerabilities

7,234 known vulnerabilities affecting google/android.

Total CVEs

7,234

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL544HIGH2984MEDIUM3458LOW248

Vulnerabilities

Page 6 of 362

CVE-2026-20428MEDIUMCVSS 6.7v14.0v15.0+1 more2026-03-02

CVE-2026-20428 [MEDIUM] CWE-787 CVE-2026-20428: In display, there is a possible out of bounds write due to a missing bounds check. This could lead t In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5536.

nvd

CVE-2026-20437MEDIUMCVSS 4.4v15.02026-03-02

CVE-2026-20437 [MEDIUM] CWE-416 CVE-2026-20437: In MAE, there is a possible system crash due to use after free. This could lead to local denial of s In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843.

nvd

CVE-2026-20435MEDIUMCVSS 4.6v14.0v15.0+1 more2026-03-02

CVE-2026-20435 [MEDIUM] CWE-522 CVE-2026-20435: In preloader, there is a possible read of device unique identifiers due to a logic error. This could In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.

nvd

CVE-2026-0106CRITICALCVSS 9.3vAndroid kernel2026-02-05

CVE-2026-0106 [CRITICAL] CWE-119 CVE-2026-0106: In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

cvelistv5nvd

CVE-2026-20409HIGHCVSS 7.8v15.02026-02-02

CVE-2026-20409 [HIGH] CWE-787 CVE-2026-20409: In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363246; Issue ID: MSV-5779.

nvd

CVE-2026-20412HIGHCVSS 7.8v13.0v14.0+2 more2026-02-02

CVE-2026-20412 [HIGH] CWE-787 CVE-2026-20412: In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5733.

nvd

CVE-2026-20411HIGHCVSS 7.8v13.0v14.0+2 more2026-02-02

CVE-2026-20411 [HIGH] CWE-416 CVE-2026-20411: In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10351676; Issue ID: MSV-5737.

nvd

CVE-2026-20417MEDIUMCVSS 5.3v15.0v16.02026-02-02

CVE-2026-20417 [MEDIUM] CWE-787 CVE-2026-20417: In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to l In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10314946 / ALPS10340155; Issue ID: MSV-5154.

nvd

CVE-2026-20414MEDIUMCVSS 6.7v15.02026-02-02

CVE-2026-20414 [MEDIUM] CWE-416 CVE-2026-20414: In imgsys, there is a possible escalation of privilege due to use after free. This could lead to loc In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362999; Issue ID: MSV-5625.

nvd

CVE-2026-20410MEDIUMCVSS 6.7v15.02026-02-02

CVE-2026-20410 [MEDIUM] CWE-787 CVE-2026-20410: In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362552; Issue ID: MSV-5760.

nvd

CVE-2026-20415MEDIUMCVSS 5.5v15.02026-02-02

CVE-2026-20415 [MEDIUM] CWE-415 CVE-2026-20415: In imgsys, there is a possible memory corruption due to improper locking. This could lead to local d In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10363254; Issue ID: MSV-5617.

nvd

CVE-2026-20413MEDIUMCVSS 6.7v15.02026-02-02

CVE-2026-20413 [MEDIUM] CWE-1285 CVE-2026-20413: In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10362725; Issue ID: MSV-5694.

nvd

CVE-2025-36911HIGHCVSS 7.1vAndroid kernel2026-01-15

CVE-2025-36911 [HIGH] CVE-2025-36911: In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to re In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation.

cvelistv5nvd

CVE-2025-20779HIGHCVSS 7.0v14.0v15.0+1 more2026-01-06

CVE-2025-20779 [HIGH] CWE-416 CVE-2025-20779: In display, there is a possible use after free due to a race condition. This could lead to local esc In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184084; Issue ID: MSV-4720.

nvd

CVE-2025-20797HIGHCVSS 7.8v14.0v15.0+1 more2026-01-06

CVE-2025-20797 [HIGH] CWE-121 CVE-2025-20797: In battery, there is a possible out of bounds write due to a missing bounds check. This could lead t In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534.

nvd

CVE-2025-20798HIGHCVSS 7.8v14.0v15.0+1 more2026-01-06

CVE-2025-20798 [HIGH] CWE-787 CVE-2025-20798: In battery, there is a possible out of bounds write due to a missing bounds check. This could lead t In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5533.

nvd

CVE-2025-20801HIGHCVSS 7.0v13.0v14.0+2 more2026-01-06

CVE-2025-20801 [HIGH] CWE-415 CVE-2025-20801: In seninf, there is a possible memory corruption due to a race condition. This could lead to local e In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10251210; Issue ID: MSV-4926.

nvd

CVE-2025-20796HIGHCVSS 7.8v15.02026-01-06

CVE-2025-20796 [HIGH] CWE-1285 CVE-2025-20796: In imgsys, there is a possible out of bounds write due to improper input validation. This could lead In imgsys, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10314745; Issue ID: MSV-5553.

nvd

CVE-2025-20799HIGHCVSS 7.8v15.0v16.02026-01-06

CVE-2025-20799 [HIGH] CWE-416 CVE-2025-20799: In c2ps, there is a possible memory corruption due to use after free. This could lead to local escal In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10274607; Issue ID: MSV-5049.

nvd

CVE-2025-20778HIGHCVSS 7.8v14.0v15.0+1 more2026-01-06

CVE-2025-20778 [HIGH] CWE-787 CVE-2025-20778: In display, there is a possible out of bounds write due to a missing bounds check. This could lead t In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4729.

nvd

← Previous6 / 362Next →