Google Android vulnerabilities

CVE-2025-36916 [HIGH] CWE-362 CVE-2025-36916: In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condi In PrepareWorkloadBuffers of gxp_main_actor.cc, there is a possible double fetch due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36932 [HIGH] CWE-20 CVE-2025-36932: In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36928 [HIGH] CWE-120 CVE-2025-36928: In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bound In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36931 [HIGH] CWE-120 CVE-2025-36931: In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds c In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36934 [HIGH] CWE-362 CVE-2025-36934: In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after f In bigo_worker_thread of private/google-modules/video/gchips/bigo.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36930 [HIGH] CWE-120 CVE-2025-36930: In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds c In GetHostAddress of gxp_buffer.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36919 [HIGH] CWE-415 CVE-2025-36919: In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This cou In aocc_read of aoc_channel_dev.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36927 [HIGH] CWE-120 CVE-2025-36927: In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a mi In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36936 [HIGH] CWE-190 CVE-2025-36936: In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an i In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36935 [HIGH] CWE-787 CVE-2025-36935: In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to unini In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36923 [HIGH] CWE-122 CVE-2025-36923: In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36921 [MEDIUM] CWE-125 CVE-2025-36921: In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to In ProtocolPsUnthrottleApn() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.

CVE-2025-36889 [MEDIUM] CWE-441 CVE-2025-36889: In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused dep In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36912 [MEDIUM] CVE-2025-36912: In cellular modem, there is a possible denial of service due to a logic error in the code. This coul In cellular modem, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36929 [MEDIUM] CWE-20 CVE-2025-36929: In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper In AreFencesRegistered of gxp_fence_manager.cc, there is a possible information leak due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36922 [MEDIUM] CWE-416 CVE-2025-36922: In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. Th In bigo_map of bigo_iommu.c, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege in the OS Kernel level with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36938 [MEDIUM] CWE-693 CVE-2025-36938: In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the cod In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-36917 [MEDIUM] CWE-120 CVE-2025-36917: In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrec In SwDcpItg of up_L2commonPdcpSecurity.cpp, there is a possible denial of service due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48626 [CRITICAL] CWE-693 CVE-2025-48626: In multiple locations, there is a possible way to launch an application from the background due to a In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-48586 [HIGH] CWE-441 CVE-2025-48586: In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.