Skip to main content

Android

7243 CVEs product

Monthly

CVE-2025-20778 HIGH This Week

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48625 HIGH This Week

In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-48608 MEDIUM This Month

In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48606 HIGH This Week

CVE-2025-48606 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48569 MEDIUM This Month

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48639 HIGH This Week

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Privilege Escalation XSS Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48638 HIGH This Week

In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Memory Corruption Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48637 HIGH This Week

In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Integer Overflow Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48633 MEDIUM KEV PATCH THREAT Act Now

CVE-2025-48633 is a security vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed). Vendor patch is available.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-48632 HIGH PATCH This Week

In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48631 MEDIUM This Month

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-48629 HIGH This Week

CVE-2025-48629 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48628 HIGH PATCH This Week

CVE-2025-48628 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48627 HIGH PATCH This Week

CVE-2025-48627 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48626 CRITICAL PATCH Act Now

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-48624 HIGH This Week

In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Memory Corruption Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48623 HIGH PATCH This Week

In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Memory Corruption Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48622 MEDIUM PATCH This Month

In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48621 HIGH PATCH This Week

CVE-2025-48621 is a security vulnerability (CVSS 7.3) that allows a tapjacking attack due. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48620 HIGH PATCH This Week

CVE-2025-48620 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48618 MEDIUM PATCH This Month

In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-48614 MEDIUM PATCH This Month

In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Denial Of Service Android Google
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-48610 MEDIUM PATCH This Month

In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48607 MEDIUM PATCH This Month

In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48604 MEDIUM PATCH This Month

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48603 MEDIUM PATCH This Month

In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48601 MEDIUM This Month

In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48599 HIGH PATCH This Week

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Authentication Bypass Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48598 MEDIUM PATCH This Month

CVE-2025-48598 is a security vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2025-48597 HIGH PATCH This Week

In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation XSS Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48596 HIGH PATCH This Week

In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Information Disclosure Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48594 HIGH PATCH This Week

In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48592 HIGH PATCH This Week

In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-48591 MEDIUM This Month

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48590 MEDIUM PATCH This Month

In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48589 HIGH PATCH This Week

CVE-2025-48589 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48588 HIGH PATCH This Week

CVE-2025-48588 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48586 HIGH PATCH This Week

CVE-2025-48586 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48584 MEDIUM PATCH This Month

In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48583 HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation RCE Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48580 HIGH PATCH This Week

CVE-2025-48580 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48576 MEDIUM PATCH This Month

In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-48575 HIGH PATCH This Week

In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Authentication Bypass Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48573 HIGH PATCH This Week

In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48572 HIGH KEV THREAT Act Now

Android contains a missing authentication vulnerability (CVE-2025-48572, CVSS 7.8) in multiple locations that allows background activity launches through a permissions bypass, enabling local privilege escalation without user interaction. KEV-listed, this vulnerability enables malicious apps to perform privileged operations silently in the background, bypassing Android's activity launch restrictions.

Privilege Escalation Authentication Bypass Android Google
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-48566 HIGH PATCH This Week

In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48565 HIGH PATCH This Week

CVE-2025-48565 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48564 HIGH PATCH This Week

In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-48555 HIGH PATCH This Week

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Information Disclosure Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48536 HIGH PATCH This Week

CVE-2025-48536 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48525 HIGH PATCH This Week

In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32329 HIGH PATCH This Week

CVE-2025-32329 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32328 HIGH PATCH This Week

CVE-2025-32328 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32319 MEDIUM PATCH This Month

In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Authentication Bypass Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-22432 MEDIUM PATCH This Month

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-22420 HIGH PATCH This Week

CVE-2025-22420 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-53760 PATCH Monitor

{IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. [name:lockdep&]kworker/u16:4/260 [HC0[0]:SC0[0]:HE1:SE1] takes: ffffff8028444600 (&hwq->cq_lock){?.-.}-{2:2}, at: ufshcd_mcq_poll_cqe_lock+0x30/0xe0 [name:lockdep&]{IN-HARDIRQ-W} state was registered at: lock_acquire+0x17c/0x33c _raw_spin_lock+0x5c/0x7c ufshcd_mcq_poll_cqe_lock+0x30/0xe0 ufs_mtk_mcq_intr+0x60/0x1bc [ufs_mediatek_mod] __handle_irq_event_percpu+0x140/0x3ec handle_irq_event+0x50/0xd8 handle_fasteoi_irq+0x148/0x2b0 generic_handle_domain_irq+0x4c/0x6c gic_handle_irq+0x58/0x134 call_on_irq_stack+0x40/0x74 do_interrupt_handler+0x84/0xe4 el1_interrupt+0x3c/0x78 <snip> Possible unsafe locking scenario: CPU0 ---- lock(&hwq->cq_lock); <Interrupt> lock(&hwq->cq_lock); *** DEADLOCK *** 2 locks held by kworker/u16:4/260: [name:lockdep&] stack backtrace: CPU: 7 PID: 260 Comm: kworker/u16:4 Tainted: G S W OE 6.1.17-mainline-android14-2-g277223301adb #1 Workqueue: ufs_eh_wq_0 ufshcd_err_handler Call trace: dump_backtrace+0x10c/0x160 show_stack+0x20/0x30 dump_stack_lvl+0x98/0xd8 dump_stack+0x20/0x60 print_usage_bug+0x584/0x76c mark_lock_irq+0x488/0x510 mark_lock+0x1ec/0x25c __lock_acquire+0x4d8/0xffc lock_acquire+0x17c/0x33c _raw_spin_lock+0x5c/0x7c ufshcd_mcq_poll_cqe_lock+0x30/0xe0 ufshcd_poll+0x68/0x1b0 ufshcd_transfer_req_compl+0x9c/0xc8 ufshcd_err_handler+0x3bc/0xea0 process_one_work+0x2f4/0x7e8 worker_thread+0x234/0x450 kthread+0x110/0x134 ret_from_fork+0x10/0x20

Information Disclosure Linux Android Linux Kernel
NVD
EPSS
0.0%
CVE-2023-53742 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d7171 | Mem abort info:o: | ESR = 0x9600002121 | EC = 0x25: DABT (current EL), IL = 32 bitsts | SET = 0, FnV = 0 0 | EA = 0, S1PTW = 0 0 | FSC = 0x21: alignment fault | Data abort info:o: | ISV = 0, ISS = 0x0000002121 | CM = 0, WnR = 0 0 | swapper pgtable: 4k pages, 39-bit VAs, pgdp=000000002835200000 | [ffffff802a0d8d71] pgd=180000005fbf9003, p4d=180000005fbf9003, | pud=180000005fbf9003, pmd=180000005fbe8003, pte=006800002a0d8707 | Internal error: Oops: 96000021 [#1] PREEMPT SMP | Modules linked in: | CPU: 2 PID: 45 Comm: kworker/u8:2 Not tainted | 5.15.78-android13-8-g63561175bbda-dirty #1 | ... | pc : kcsan_setup_watchpoint+0x26c/0x6bc | lr : kcsan_setup_watchpoint+0x88/0x6bc | sp : ffffffc00ab4b7f0 | x29: ffffffc00ab4b800 x28: ffffff80294fe588 x27: 0000000000000001 | x26: 0000000000000019 x25: 0000000000000001 x24: ffffff80294fdb80 | x23: 0000000000000000 x22: ffffffc00a70fb68 x21: ffffff802a0d8d71 | x20: 0000000000000002 x19: 0000000000000000 x18: ffffffc00a9bd060 | x17: 0000000000000001 x16: 0000000000000000 x15: ffffffc00a59f000 | x14: 0000000000000001 x13: 0000000000000000 x12: ffffffc00a70faa0 | x11: 00000000aaaaaaab x10: 0000000000000054 x9 : ffffffc00839adf8 | x8 : ffffffc009b4cf00 x7 : 0000000000000000 x6 : 0000000000000007 | x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffffffc00a70fb70 | x2 : 0005ff802a0d8d71 x1 : 0000000000000000 x0 : 0000000000000000 | Call trace: | kcsan_setup_watchpoint+0x26c/0x6bc | __tsan_read2+0x1f0/0x234 | inflate_fast+0x498/0x750 | zlib_inflate+0x1304/0x2384 | __gunzip+0x3a0/0x45c | gunzip+0x20/0x30 | unpack_to_rootfs+0x2a8/0x3fc | do_populate_rootfs+0xe8/0x11c | async_run_entry_fn+0x58/0x1bc | process_one_work+0x3ec/0x738 | worker_thread+0x4c4/0x838 | kthread+0x20c/0x258 | ret_from_fork+0x10/0x20 | Code: b8bfc2a8 2a0803f7 14000007 d503249f (78bfc2a8) ) | ---[ end trace 613a943cb0a572b6 ]----- The reason for this is that on certain arm64 configuration since e35123d83ee3 ("arm64: lto: Strengthen READ_ONCE() to acquire when CONFIG_LTO=y"), READ_ONCE() may be promoted to a full atomic acquire instruction which cannot be used on unaligned addresses. Fix it by avoiding READ_ONCE() in read_instrumented_memory(), and simply forcing the compiler to do the required access by casting to the appropriate volatile type. In terms of generated code this currently only affects architectures that do not use the default READ_ONCE() implementation. The only downside is that we are not guaranteed atomicity of the access itself, although on most architectures a plain load up to machine word size should still be atomic (a fact the default READ_ONCE() still relies on itself).

Information Disclosure Linux Android Linux Kernel
NVD
EPSS
0.0%
CVE-2025-66270 MEDIUM PATCH This Month

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

Authentication Bypass Google Ubuntu Debian Android +1
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-32900 MEDIUM PATCH This Month

A security vulnerability in the KDE Connect information-exchange protocol (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Google Ubuntu Debian +2
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-32901 MEDIUM PATCH This Month

In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.

Google Denial Of Service Ubuntu Android Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-32899 MEDIUM PATCH This Month

A security vulnerability in KDE Connect (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google Ubuntu Android Red Hat +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-32898 MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google Ubuntu Debian Android +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-12385 HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Microsoft Apple Google Denial Of Service Ubuntu +4
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-10971 HIGH This Week

Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.

Google Information Disclosure Android
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-20789 MEDIUM This Month

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538.

Information Disclosure Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-20788 MEDIUM This Month

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.

Denial Of Service Buffer Overflow Android Google
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-20777 MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.

Memory Corruption Privilege Escalation Buffer Overflow Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20776 MEDIUM This Month

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.

Privilege Escalation Information Disclosure Buffer Overflow Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20775 MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.

Denial Of Service Privilege Escalation Buffer Overflow Memory Corruption Use After Free +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20774 MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.

Heap Overflow Privilege Escalation Buffer Overflow Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20773 MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.

Denial Of Service Privilege Escalation Buffer Overflow Memory Corruption Use After Free +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20772 MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.

Denial Of Service Privilege Escalation Buffer Overflow Memory Corruption Use After Free +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20771 MEDIUM This Month

CVE-2025-20771 is a security vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20770 MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.

Denial Of Service Privilege Escalation Buffer Overflow Memory Corruption Use After Free +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20769 MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.

Privilege Escalation Stack Overflow Buffer Overflow Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20768 HIGH This Week

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.

Privilege Escalation Information Disclosure Buffer Overflow Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20767 HIGH This Week

In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4807.

Memory Corruption Privilege Escalation Buffer Overflow Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20766 HIGH This Week

CVE-2025-20766 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Buffer Overflow Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20765 MEDIUM This Month

In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.

Denial Of Service Race Condition Openwrt Android Yocto +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-20764 HIGH This Week

In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029.

Memory Corruption Privilege Escalation Buffer Overflow Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20763 HIGH This Week

In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267218; Issue ID: MSV-5032.

Memory Corruption Privilege Escalation Buffer Overflow Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-58483 MEDIUM This Month

A security vulnerability in Galaxy Store for Galaxy Watch (CVSS 5.9) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure Galaxy Store Android Samsung
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-58480 MEDIUM This Month

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-58479 MEDIUM This Month

Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-58478 MEDIUM This Month

Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-58477 MEDIUM This Month

Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-58476 MEDIUM This Month

Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.

Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-58475 MEDIUM This Month

A security vulnerability in libsec-ril.so (CVSS 5.6) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.

Buffer Overflow Android
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2025-21080 MEDIUM This Month

A security vulnerability in Dynamic Lockscreen (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android Samsung
NVD
CVSS 3.1
6.2
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH This Week

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In isValidMediaUri of SettingsProvider.java, there is a possible cross user media read due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-48606 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Privilege Escalation XSS Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Integer Overflow +2
NVD
EPSS 0% CVSS 5.5
MEDIUM KEV PATCH THREAT Act Now

CVE-2025-48633 is a security vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed). Vendor patch is available.

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-48629 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-48628 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-48627 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of arm-smmu-v3.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In init_pkvm_hyp_vcpu of pkvm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Memory Corruption +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In ProcessArea of dng_misc_opcodes.cpp, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

CVE-2025-48621 is a security vulnerability (CVSS 7.3) that allows a tapjacking attack due. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-48620 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

In processLaunchBrowser of CommandParamsFactory.java, there is a possible browser interaction from the lockscreen due to improper locking. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

In rebootWipeUserData of RecoverySystem.java, there is a possible way to factory reset the device while in DSU mode due to a missing permission check. This could lead to physical denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Denial Of Service Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In __pkvm_guest_relinquish_to_host of mem_protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In multiple locations, there is a possible way to create a large amount of app ops due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In InputMethodInfo of InputMethodInfo.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In multiple locations, there is a possible permanent denial of service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Denial Of Service Android +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Authentication Bypass Android +1
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

CVE-2025-48598 is a security vulnerability (CVSS 6.6). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation XSS Android +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

In onUidImportance of DisassociationProcessor.java, there is a possible way to retain companion application privileges after disassociation due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In initDecoder of C2SoftDav1dDec.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Information Disclosure Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In multiple locations, there is a possible way to read files from another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Authentication Bypass Information Disclosure Android +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In verifyAndGetBypass of AppOpsService.java, there is a possible method for a malicious app to prevent dialing emergency services under limited circumstances due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-48589 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-48588 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-48586 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In multiple functions of NotificationManagerService.java, there is a possible way to bypass the per-package channel limits causing resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation RCE Android +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-48580 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In updateNotificationChannelGroupFromPrivilegedListener of NotificationManagerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

Denial Of Service Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of CertInstaller.java, there is a possible way to install certificates due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Authentication Bypass Android +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH KEV THREAT Act Now

Android contains a missing authentication vulnerability (CVE-2025-48572, CVSS 7.8) in multiple locations that allows background activity launches through a permissions bypass, enabling local privilege escalation without user interaction. KEV-listed, this vulnerability enables malicious apps to perform privileged operations silently in the background, bypassing Android's activity launch restrictions.

Privilege Escalation Authentication Bypass Android +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations, there is a possible bypass of user profile boundary with a forwarded intent due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-48565 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In multiple locations, there is a possible intent filter bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions of NotificationStation.java, there is a possible cross-profile information disclosure due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Information Disclosure Android +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-48536 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In disassociate of DisassociationProcessor.java, there is a possible way for an app to continue reading notifications when not associated to a companion device due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-32329 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-32328 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In ensureBound of RemotePrintService.java, there is a possible way for a background app to keep foreground permissions due to a permissions bypass. This could lead to local escalation of privilege with user execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Authentication Bypass Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

CVE-2025-22420 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Privilege Escalation Android Google
NVD
EPSS 0%
PATCH Monitor

{IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage. [name:lockdep&]kworker/u16:4/260 [HC0[0]:SC0[0]:HE1:SE1] takes: ffffff8028444600 (&hwq->cq_lock){?.-.}-{2:2}, at: ufshcd_mcq_poll_cqe_lock+0x30/0xe0 [name:lockdep&]{IN-HARDIRQ-W} state was registered at: lock_acquire+0x17c/0x33c _raw_spin_lock+0x5c/0x7c ufshcd_mcq_poll_cqe_lock+0x30/0xe0 ufs_mtk_mcq_intr+0x60/0x1bc [ufs_mediatek_mod] __handle_irq_event_percpu+0x140/0x3ec handle_irq_event+0x50/0xd8 handle_fasteoi_irq+0x148/0x2b0 generic_handle_domain_irq+0x4c/0x6c gic_handle_irq+0x58/0x134 call_on_irq_stack+0x40/0x74 do_interrupt_handler+0x84/0xe4 el1_interrupt+0x3c/0x78 <snip> Possible unsafe locking scenario: CPU0 ---- lock(&hwq->cq_lock); <Interrupt> lock(&hwq->cq_lock); *** DEADLOCK *** 2 locks held by kworker/u16:4/260: [name:lockdep&] stack backtrace: CPU: 7 PID: 260 Comm: kworker/u16:4 Tainted: G S W OE 6.1.17-mainline-android14-2-g277223301adb #1 Workqueue: ufs_eh_wq_0 ufshcd_err_handler Call trace: dump_backtrace+0x10c/0x160 show_stack+0x20/0x30 dump_stack_lvl+0x98/0xd8 dump_stack+0x20/0x60 print_usage_bug+0x584/0x76c mark_lock_irq+0x488/0x510 mark_lock+0x1ec/0x25c __lock_acquire+0x4d8/0xffc lock_acquire+0x17c/0x33c _raw_spin_lock+0x5c/0x7c ufshcd_mcq_poll_cqe_lock+0x30/0xe0 ufshcd_poll+0x68/0x1b0 ufshcd_transfer_req_compl+0x9c/0xc8 ufshcd_err_handler+0x3bc/0xea0 process_one_work+0x2f4/0x7e8 worker_thread+0x234/0x450 kthread+0x110/0x134 ret_from_fork+0x10/0x20

Information Disclosure Linux Android +1
NVD
EPSS 0%
PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: kcsan: Avoid READ_ONCE() in read_instrumented_memory() Haibo Li reported: | Unable to handle kernel paging request at virtual address | ffffff802a0d8d7171 | Mem abort info:o: | ESR = 0x9600002121 | EC = 0x25: DABT (current EL), IL = 32 bitsts | SET = 0, FnV = 0 0 | EA = 0, S1PTW = 0 0 | FSC = 0x21: alignment fault | Data abort info:o: | ISV = 0, ISS = 0x0000002121 | CM = 0, WnR = 0 0 | swapper pgtable: 4k pages, 39-bit VAs, pgdp=000000002835200000 | [ffffff802a0d8d71] pgd=180000005fbf9003, p4d=180000005fbf9003, | pud=180000005fbf9003, pmd=180000005fbe8003, pte=006800002a0d8707 | Internal error: Oops: 96000021 [#1] PREEMPT SMP | Modules linked in: | CPU: 2 PID: 45 Comm: kworker/u8:2 Not tainted | 5.15.78-android13-8-g63561175bbda-dirty #1 | ... | pc : kcsan_setup_watchpoint+0x26c/0x6bc | lr : kcsan_setup_watchpoint+0x88/0x6bc | sp : ffffffc00ab4b7f0 | x29: ffffffc00ab4b800 x28: ffffff80294fe588 x27: 0000000000000001 | x26: 0000000000000019 x25: 0000000000000001 x24: ffffff80294fdb80 | x23: 0000000000000000 x22: ffffffc00a70fb68 x21: ffffff802a0d8d71 | x20: 0000000000000002 x19: 0000000000000000 x18: ffffffc00a9bd060 | x17: 0000000000000001 x16: 0000000000000000 x15: ffffffc00a59f000 | x14: 0000000000000001 x13: 0000000000000000 x12: ffffffc00a70faa0 | x11: 00000000aaaaaaab x10: 0000000000000054 x9 : ffffffc00839adf8 | x8 : ffffffc009b4cf00 x7 : 0000000000000000 x6 : 0000000000000007 | x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffffffc00a70fb70 | x2 : 0005ff802a0d8d71 x1 : 0000000000000000 x0 : 0000000000000000 | Call trace: | kcsan_setup_watchpoint+0x26c/0x6bc | __tsan_read2+0x1f0/0x234 | inflate_fast+0x498/0x750 | zlib_inflate+0x1304/0x2384 | __gunzip+0x3a0/0x45c | gunzip+0x20/0x30 | unpack_to_rootfs+0x2a8/0x3fc | do_populate_rootfs+0xe8/0x11c | async_run_entry_fn+0x58/0x1bc | process_one_work+0x3ec/0x738 | worker_thread+0x4c4/0x838 | kthread+0x20c/0x258 | ret_from_fork+0x10/0x20 | Code: b8bfc2a8 2a0803f7 14000007 d503249f (78bfc2a8) ) | ---[ end trace 613a943cb0a572b6 ]----- The reason for this is that on certain arm64 configuration since e35123d83ee3 ("arm64: lto: Strengthen READ_ONCE() to acquire when CONFIG_LTO=y"), READ_ONCE() may be promoted to a full atomic acquire instruction which cannot be used on unaligned addresses. Fix it by avoiding READ_ONCE() in read_instrumented_memory(), and simply forcing the compiler to do the required access by casting to the appropriate volatile type. In terms of generated code this currently only affects architectures that do not use the default READ_ONCE() implementation. The only downside is that we are not guaranteed atomicity of the access itself, although on most architectures a plain load up to machine word size should still be atomic (a fact the default READ_ONCE() still relies on itself).

Information Disclosure Linux Android +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.

Authentication Bypass Google Ubuntu +3
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A security vulnerability in the KDE Connect information-exchange protocol (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Microsoft Information Disclosure Google +4
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.

Google Denial Of Service Ubuntu +3
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A security vulnerability in KDE Connect (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google Ubuntu +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

A remote code execution vulnerability (CVSS 4.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure Google Ubuntu +3
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missing validation of the width and height in the <img> tag could cause an application to become unresponsive. This issue affects Qt: from 5.0.0 through 6.5.10, from 6.6.0 through 6.8.5, from 6.9.0 through 6.10.0.

Microsoft Apple Google +6
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: through v2.2.5.

Google Information Disclosure Android
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538.

Information Disclosure Android Google
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539.

Denial Of Service Buffer Overflow Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184870; Issue ID: MSV-4752.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10184297; Issue ID: MSV-4759.

Privilege Escalation Information Disclosure Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.

Denial Of Service Privilege Escalation Buffer Overflow +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.

Heap Overflow Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.

Denial Of Service Privilege Escalation Buffer Overflow +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.

Denial Of Service Privilege Escalation Buffer Overflow +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

CVE-2025-20771 is a security vulnerability (CVSS 6.7). Remediation should follow standard vulnerability management procedures.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.

Denial Of Service Privilege Escalation Buffer Overflow +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.

Privilege Escalation Stack Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4805.

Privilege Escalation Information Disclosure Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4807.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-20766 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Buffer Overflow Android +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.

Denial Of Service Race Condition Openwrt +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In smi, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10259774; Issue ID: MSV-5029.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In mmdvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10267218; Issue ID: MSV-5032.

Memory Corruption Privilege Escalation Buffer Overflow +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A security vulnerability in Galaxy Store for Galaxy Watch (CVSS 5.9) that allows local attacker. Remediation should follow standard vulnerability management procedures.

Information Disclosure Galaxy Store Android +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

Memory Corruption Buffer Overflow Android
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.

Information Disclosure Buffer Overflow Android
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

A security vulnerability in libsec-ril.so (CVSS 5.6) that allows local privileged attackers. Remediation should follow standard vulnerability management procedures.

Buffer Overflow Android
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

A security vulnerability in Dynamic Lockscreen (CVSS 6.2) that allows local attackers. Remediation should follow standard vulnerability management procedures.

Information Disclosure Android Samsung
NVD
Prev Page 3 of 81 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy