Google Android vulnerabilities
7,234 known vulnerabilities affecting google/android.
Total CVEs
7,234
CISA KEV
18
actively exploited
Public exploits
48
Exploited in wild
18
Severity breakdown
CRITICAL544HIGH2984MEDIUM3458LOW248
Vulnerabilities
Page 7 of 362
CVE-2025-20800HIGHCVSS 7.8v14.0v15.0+1 more2026-01-06
CVE-2025-20800 [HIGH] CWE-787 CVE-2025-20800: In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead t
In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267349; Issue ID: MSV-5033.
nvd
CVE-2025-20780HIGHCVSS 7.8v15.0v16.02026-01-06
CVE-2025-20780 [HIGH] CWE-416 CVE-2025-20780: In display, there is a possible memory corruption due to use after free. This could lead to local es
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184061; Issue ID: MSV-4712.
nvd
CVE-2025-20781HIGHCVSS 7.8v14.0v15.0+1 more2026-01-06
CVE-2025-20781 [HIGH] CWE-415 CVE-2025-20781: In display, there is a possible memory corruption due to use after free. This could lead to local es
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.
nvd
CVE-2025-20795HIGHCVSS 7.8v13.0v14.0+2 more2026-01-06
CVE-2025-20795 [HIGH] CWE-787 CVE-2025-20795: In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lea
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10276761; Issue ID: MSV-5141.
nvd
CVE-2025-20787MEDIUMCVSS 6.7v14.0v15.0+1 more2026-01-06
CVE-2025-20787 [MEDIUM] CWE-416 CVE-2025-20787: In display, there is a possible memory corruption due to use after free. This could lead to local es
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149879; Issue ID: MSV-4658.
nvd
CVE-2025-20807MEDIUMCVSS 6.7v16.02026-01-06
CVE-2025-20807 [MEDIUM] CWE-190 CVE-2025-20807: In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local
In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451.
nvd
CVE-2025-20803MEDIUMCVSS 6.7v16.02026-01-06
CVE-2025-20803 [MEDIUM] CWE-190 CVE-2025-20803: In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local e
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504.
nvd
CVE-2025-20805MEDIUMCVSS 6.7v16.02026-01-06
CVE-2025-20805 [MEDIUM] CWE-416 CVE-2025-20805: In dpe, there is a possible memory corruption due to use after free. This could lead to local escala
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480.
nvd
CVE-2025-20806MEDIUMCVSS 6.7v16.02026-01-06
CVE-2025-20806 [MEDIUM] CWE-416 CVE-2025-20806: In dpe, there is a possible memory corruption due to use after free. This could lead to local escala
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114835; Issue ID: MSV-4479.
nvd
CVE-2025-20784MEDIUMCVSS 6.7v14.0v15.0+1 more2026-01-06
CVE-2025-20784 [MEDIUM] CWE-457 CVE-2025-20784: In display, there is a possible memory corruption due to uninitialized data. This could lead to loca
In display, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4683.
nvd
CVE-2025-20802MEDIUMCVSS 6.7v15.02026-01-06
CVE-2025-20802 [MEDIUM] CWE-416 CVE-2025-20802: In geniezone, there is a possible memory corruption due to use after free. This could lead to local
In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10238968; Issue ID: MSV-4914.
nvd
CVE-2025-20804MEDIUMCVSS 6.7v16.02026-01-06
CVE-2025-20804 [MEDIUM] CWE-416 CVE-2025-20804: In dpe, there is a possible memory corruption due to use after free. This could lead to local escala
In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10198951; Issue ID: MSV-4503.
nvd
CVE-2025-20783MEDIUMCVSS 6.7v14.0v15.0+1 more2026-01-06
CVE-2025-20783 [MEDIUM] CWE-787 CVE-2025-20783: In display, there is a possible out of bounds write due to a missing bounds check. This could lead t
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4684.
nvd
CVE-2025-20785MEDIUMCVSS 6.7v14.0v15.0+1 more2026-01-06
CVE-2025-20785 [MEDIUM] CWE-416 CVE-2025-20785: In display, there is a possible memory corruption due to use after free. This could lead to local es
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4677.
nvd
CVE-2025-20786MEDIUMCVSS 6.7v14.0v15.0+1 more2026-01-06
CVE-2025-20786 [MEDIUM] CWE-415 CVE-2025-20786: In display, there is a possible memory corruption due to use after free. This could lead to local es
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
nvd
CVE-2025-20782MEDIUMCVSS 6.7v14.0v15.0+1 more2026-01-06
CVE-2025-20782 [MEDIUM] CWE-787 CVE-2025-20782: In display, there is a possible out of bounds write due to a missing bounds check. This could lead t
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182882; Issue ID: MSV-4685.
nvd
CVE-2025-36937CRITICALCVSS 9.8vAndroid kernel2025-12-11
CVE-2025-36937 [CRITICAL] CWE-787 CVE-2025-36937: In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write d
In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2025-36925HIGHCVSS 7.8vAndroid kernel2025-12-11
CVE-2025-36925 [HIGH] CWE-787 CVE-2025-36925: In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missin
In WAVES_send_data_to_dsp of libaoc_waves.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2025-36918HIGHCVSS 7.8vAndroid kernel2025-12-11
CVE-2025-36918 [HIGH] CWE-125 CVE-2025-36918: In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to imprope
In aoc_service_read_message of aoc_ipc_core.c, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd
CVE-2025-36924HIGHCVSS 8.0vAndroid kernel2025-12-11
CVE-2025-36924 [HIGH] CWE-120 CVE-2025-36924: In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write
In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
cvelistv5nvd