Android
by Google
CVEs (4,121)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-36905 | 0.00 | — | 0.00 | Sep 4, 2025 | In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36904 | 0.00 | — | 0.00 | Sep 4, 2025 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. | |||
| CVE-2025-36903 | 0.00 | — | 0.00 | Sep 4, 2025 | In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36902 | 0.00 | — | 0.00 | Sep 4, 2025 | In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36901 | 0.00 | — | 0.00 | Sep 4, 2025 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223. | |||
| CVE-2025-36900 | 0.00 | — | 0.00 | Sep 4, 2025 | In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36899 | 0.00 | — | 0.00 | Sep 4, 2025 | There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36898 | 0.00 | — | 0.00 | Sep 4, 2025 | There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36897 | 0.00 | — | 0.00 | Sep 4, 2025 | In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36896 | 0.00 | — | 0.00 | Sep 4, 2025 | WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. | |||
| CVE-2025-36895 | 0.00 | — | 0.00 | Sep 4, 2025 | Information disclosure | |||
| CVE-2025-36894 | 0.00 | — | 0.00 | Sep 4, 2025 | In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36893 | 0.00 | — | 0.00 | Sep 4, 2025 | In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-36892 | 0.00 | — | 0.00 | Sep 4, 2025 | Denial of service | |||
| CVE-2025-36891 | 0.00 | — | 0.00 | Sep 4, 2025 | Elevation of privilege | |||
| CVE-2025-36890 | 0.00 | — | 0.00 | Sep 4, 2025 | Elevation of Privilege | |||
| CVE-2025-26416 | 0.00 | — | 0.00 | Sep 2, 2025 | In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||
| CVE-2025-22442 | 0.00 | — | 0.00 | Sep 2, 2025 | In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User… | |||
| CVE-2025-22439 | 0.00 | — | 0.00 | Sep 2, 2025 | In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed… | |||
| CVE-2025-22438 | 0.00 | — | 0.00 | Sep 2, 2025 | In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
- CVE-2025-36905Sep 4, 2025risk 0.00cvss —epss 0.00
In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36904Sep 4, 2025risk 0.00cvss —epss 0.00
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.
- CVE-2025-36903Sep 4, 2025risk 0.00cvss —epss 0.00
In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36902Sep 4, 2025risk 0.00cvss —epss 0.00
In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36901Sep 4, 2025risk 0.00cvss —epss 0.00
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.
- CVE-2025-36900Sep 4, 2025risk 0.00cvss —epss 0.00
In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36899Sep 4, 2025risk 0.00cvss —epss 0.00
There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36898Sep 4, 2025risk 0.00cvss —epss 0.00
There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36897Sep 4, 2025risk 0.00cvss —epss 0.00
In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36896Sep 4, 2025risk 0.00cvss —epss 0.00
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.
- CVE-2025-36895Sep 4, 2025risk 0.00cvss —epss 0.00
Information disclosure
- CVE-2025-36894Sep 4, 2025risk 0.00cvss —epss 0.00
In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36893Sep 4, 2025risk 0.00cvss —epss 0.00
In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-36892Sep 4, 2025risk 0.00cvss —epss 0.00
Denial of service
- CVE-2025-36891Sep 4, 2025risk 0.00cvss —epss 0.00
Elevation of privilege
- CVE-2025-36890Sep 4, 2025risk 0.00cvss —epss 0.00
Elevation of Privilege
- CVE-2025-26416Sep 2, 2025risk 0.00cvss —epss 0.00
In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2025-22442Sep 2, 2025risk 0.00cvss —epss 0.00
In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- CVE-2025-22439Sep 2, 2025risk 0.00cvss —epss 0.00
In onLastAccessedStackLoaded of ActionHandler.java , there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed…
- CVE-2025-22438Sep 2, 2025risk 0.00cvss —epss 0.00
In afterKeyEventLockedInterruptable of InputDispatcher.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Page 172 of 207