Google Android - Mobile operating system


Recent Google Android Security Advisories

Advisory Title Published
2025-04-01 Android Security Bulletin—April 2025 April 1, 2025
2025-03-01 Android Security Bulletin—March 2025 March 1, 2025
2025-02-01 Android Security Bulletin February 2025 February 1, 2025
Android Security Bulletin October 2024 | Android Open Source Project January 28, 2025
Android Security Bulletin January 2025 | Android Open Source Project January 21, 2025
Android Security Bulletin December 2024 | Android Open Source Project January 3, 2025
2025-01-01 Android Security Bulletin January 2025 January 1, 2025
Pixel / Nexus Security Bulletin—June 2018 | Android Open Source Project December 5, 2024
Pixel / Nexus Security Bulletin—August 2018 | Android Open Source Project December 5, 2024
Pixel / Nexus Security Bulletin—July 2018 | Android Open Source Project December 5, 2024

EOL Dates

Ensure that you are using a supported version of Google Android. Here are some end-of-life and end-of-support dates for Google Android.

Release EOL Date Status
15 - Active
14 - Active
13 - Active
12.1 March 3, 2025 EOL
12 March 3, 2025 EOL
11 February 5, 2024 EOL
10 March 6, 2023 EOL
9 January 1, 2022 EOL
8.1 January 10, 2021 EOL
8.0 January 1, 2021 EOL
7.1 October 1, 2019 EOL
7 October 1, 2019 EOL
6 August 1, 2018 EOL
5.1 March 1, 2018 EOL
5 March 1, 2018 EOL
4.4W October 1, 2017 EOL
4.4 October 1, 2017 EOL
4.1 - 4.3 - Active
4.1 - Active
4 - Active

By the Year

In 2025 there have been 133 vulnerabilities in Google Android, with an average score of 7.2 out of ten. Last year, in 2024, Android had 710 security vulnerabilities published. Right now, Android is on track to have fewer security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.03.




Year Vulnerabilities Average Score
2025 133 7.22
2024 710 7.19
2023 1077 6.44
2022 968 6.43
2021 574 6.60
2020 700 7.00
2019 491 7.11
2018 294 7.58

It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Google Android Security Vulnerabilities

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver

CVE-2025-0050 - April 07, 2025

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a non-privileged user process to make valid GPU processing operations, including via WebGL or WebGPU, to access a limited amount outside of buffer bounds. This issue affects Bifrost GPU Userspace Driver: from r0p0 through r49p2, from r50p0 through r51p0; Valhall GPU Userspace Driver: from r19p0 through r49p2, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Userspace Driver: from r41p0 through r49p2, from r50p0 through r53p0.

Transient DOS may occur while parsing SSID in action frames.

CVE-2025-21448 7.5 - High - April 07, 2025

Transient DOS may occur while parsing SSID in action frames.

Buffer Over-read

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet

CVE-2024-45552 8.2 - High - April 07, 2025

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn't adhere to RFC standards.

Buffer Over-read

Information disclosure while creating MQ channels.

CVE-2024-45549 7.7 - High - April 07, 2025

Information disclosure while creating MQ channels.

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Cryptographic issues while generating an asymmetric key pair for RKP use cases.

CVE-2024-43065 7.1 - High - April 07, 2025

Cryptographic issues while generating an asymmetric key pair for RKP use cases.

Exposed Dangerous Method or Function

Memory corruption while assigning memory

CVE-2024-33058 7.5 - High - April 07, 2025

Memory corruption while assigning memory from the source DDR memory (HLOS) to ADSP.

Insufficient Granularity of Access Control

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes

CVE-2024-45551 6.2 - Medium - April 07, 2025

Cryptographic issue occurs during PIN/password verification using Gatekeeper, where RPMB writes can be dropped on verification failure, potentially leading to a user throttling bypass.

CWE-1390

Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes

CVE-2025-21436 7.8 - High - April 07, 2025

Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads.

Dangling pointer

Transient DOS may occur while parsing extended IE in beacon.

CVE-2025-21435 7.5 - High - April 07, 2025

Transient DOS may occur while parsing extended IE in beacon.

Buffer Over-read

Transient DOS may occur while parsing EHT operation IE or EHT capability IE.

CVE-2025-21434 7.5 - High - April 07, 2025

Transient DOS may occur while parsing EHT operation IE or EHT capability IE.

Buffer Over-read

Transient DOS while connecting STA to AP and initiating ADD TS request

CVE-2025-21430 7.5 - High - April 07, 2025

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.

Buffer Over-read

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

CVE-2025-21429 7.5 - High - April 07, 2025

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

Buffer Over-read

Memory corruption while processing multiple IOCTL calls

CVE-2024-49848 6.7 - Medium - April 07, 2025

Memory corruption while processing multiple IOCTL calls from HLOS to DSP.

Dangling pointer

Memory corruption while handling file descriptor during listener registration/de-registration.

CVE-2024-43066 7.8 - High - April 07, 2025

Memory corruption while handling file descriptor during listener registration/de-registration.

Dangling pointer

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20660 - April 07, 2025

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186.

Out-of-bounds Read

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20661 - April 07, 2025

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185.

Out-of-bounds Read

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20662 - April 07, 2025

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04428276; Issue ID: MSV-3184.

Out-of-bounds Read

In keymaster, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20655 - April 07, 2025

In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183.

Out-of-bounds Read

In DA, there is a possible permission bypass due to a logic error

CVE-2025-20658 - April 07, 2025

In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.

Memory Corruption

In vdec, there is a possible permission bypass due to improper input validation

CVE-2025-20657 - April 07, 2025

In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.

Memory Corruption

In DA, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20656 - April 07, 2025

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.

Memory Corruption

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52

CVE-2025-3067 - April 02, 2025

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52

CVE-2025-3068 - April 02, 2025

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35

CVE-2025-1917 - March 05, 2025

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Clickjacking

Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35

CVE-2025-1922 - March 05, 2025

Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

User Interface (UI) Misrepresentation of Critical Information

Memory corruption may occur during the synchronization of the camera's frame processing pipeline.

CVE-2024-49836 7.8 - High - March 03, 2025

Memory corruption may occur during the synchronization of the camera's frame processing pipeline.

out-of-bounds array index

Memory corruption may occur while validating ports and channels in Audio driver.

CVE-2024-53014 7.8 - High - March 03, 2025

Memory corruption may occur while validating ports and channels in Audio driver.

out-of-bounds array index

Memory corruption in display driver while detaching a device.

CVE-2024-53024 7.8 - High - March 03, 2025

Memory corruption in display driver while detaching a device.

NULL Pointer Dereference

Transient DOS may occur while processing the country IE.

CVE-2024-53027 7.5 - High - March 03, 2025

Transient DOS may occur while processing the country IE.

Classic Buffer Overflow

Information disclosure while deriving keys for a session for any Widevine use case.

CVE-2024-43051 5.5 - Medium - March 03, 2025

Information disclosure while deriving keys for a session for any Widevine use case.

AuthZ

Information disclosure may occur due to improper permission and access controls to Video Analytics engine.

CVE-2024-53011 7.9 - High - March 03, 2025

Information disclosure may occur due to improper permission and access controls to Video Analytics engine.

Permissions, Privileges, and Access Controls

Transient DOS can occur while processing UCI command.

CVE-2024-53025 5.5 - Medium - March 03, 2025

Transient DOS can occur while processing UCI command.

Integer Overflow or Wraparound

In apu, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20648 - March 03, 2025

In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09456673; Issue ID: MSV-2584.

Out-of-bounds Read

In da, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20650 - March 03, 2025

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.

Memory Corruption

In da, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20651 - March 03, 2025

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.

In V5 DA, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20652 - March 03, 2025

In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.

Out-of-bounds Read

In da, there is a possible out of bounds read due to an integer overflow

CVE-2025-20653 - March 03, 2025

In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.

Integer Overflow or Wraparound

In KeyInstall, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20645 - March 03, 2025

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599.

Memory Corruption

In Modem, there is a possible memory corruption due to incorrect error handling

CVE-2025-20644 - March 03, 2025

In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747.

In wifi display, there is a possible missing permission check

CVE-2024-39441 - February 26, 2025

In wifi display, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126

CVE-2025-1426 - February 19, 2025

Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Heap-based Buffer Overflow

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98

CVE-2025-0996 - February 15, 2025

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Homograph Attack

Information disclosure while parsing the OCI IE with invalid length.

CVE-2024-49838 7.5 - High - February 03, 2025

Information disclosure while parsing the OCI IE with invalid length.

Out-of-bounds Read

Memory corruption while configuring a Hypervisor based input virtual device.

CVE-2024-38420 7.8 - High - February 03, 2025

Memory corruption while configuring a Hypervisor based input virtual device.

Memory Corruption

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.

CVE-2024-38404 7.5 - High - February 03, 2025

Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem.

Out-of-bounds Read

Memory corruption while processing IOCTL

CVE-2024-49843 7.8 - High - February 03, 2025

Memory corruption while processing IOCTL from user space to handle GPU AHB bus error.

out-of-bounds array index

Memory corruption during management frame processing due to mismatch in T2LM info element.

CVE-2024-49839 9.8 - Critical - February 03, 2025

Memory corruption during management frame processing due to mismatch in T2LM info element.

Out-of-bounds Read

Memory corruption while power-up or power-down sequence of the camera sensor.

CVE-2024-49834 7.8 - High - February 03, 2025

Memory corruption while power-up or power-down sequence of the camera sensor.

out-of-bounds array index

Memory corruption can occur in the camera when an invalid CID is used.

CVE-2024-49833 7.8 - High - February 03, 2025

Memory corruption can occur in the camera when an invalid CID is used.

out-of-bounds array index

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

CVE-2024-49832 7.8 - High - February 03, 2025

Memory corruption in Camera due to unusually high number of nodes passed to AXI port.

out-of-bounds array index

Memory corruption while validating number of devices in Camera kernel.

CVE-2024-45582 7.8 - High - February 03, 2025

Memory corruption while validating number of devices in Camera kernel.

out-of-bounds array index

Memory corruption may occur when stopping the WLAN interface after processing a WMI command

CVE-2024-45571 7.8 - High - February 03, 2025

Memory corruption may occur when stopping the WLAN interface after processing a WMI command from the interface.

Dangling pointer

Memory corruption while parsing the ML IE due to invalid frame content.

CVE-2024-45569 9.8 - Critical - February 03, 2025

Memory corruption while parsing the ML IE due to invalid frame content.

out-of-bounds array index

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver

CVE-2025-0015 - February 03, 2025

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0; Arm 5th Gen GPU Architecture Kernel Driver: from r48p0 through r49p1, from r50p0 through r52p0.

In DA, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20639 6.6 - Medium - February 03, 2025

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.

Memory Corruption

In DA, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20640 4.3 - Medium - February 03, 2025

In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.

Out-of-bounds Read

In DA, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20641 6.6 - Medium - February 03, 2025

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.

Memory Corruption

In DA, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20642 6.6 - Medium - February 03, 2025

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.

Memory Corruption

In DA, there is a possible out of bounds read due to a missing bounds check

CVE-2025-20643 3.9 - Low - February 03, 2025

In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.

Out-of-bounds Read

In Modem, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20634 9.8 - Critical - February 03, 2025

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.

Memory Corruption

In V6 DA, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20635 6.6 - Medium - February 03, 2025

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434.

Memory Corruption

In secmem, there is a possible out of bounds write due to a missing bounds check

CVE-2025-20636 6.7 - Medium - February 03, 2025

In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09403554; Issue ID: MSV-2431.

Memory Corruption

In DA, there is a possible read of uninitialized heap data due to uninitialized data

CVE-2025-20638 4.3 - Medium - February 03, 2025

In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291449; Issue ID: MSV-2066.

Use of Uninitialized Resource

In V5 DA, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20141 6.6 - Medium - February 03, 2025

In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291402; Issue ID: MSV-2073.

Memory Corruption

In V5 DA, there is a possible out of bounds write due to a missing bounds check

CVE-2024-20142 6.6 - Medium - February 03, 2025

In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291406; Issue ID: MSV-2070.

Memory Corruption

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling

CVE-2024-20147 - February 03, 2025

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.

In checkKeyIntent of AccountManagerService.java

CVE-2024-40676 - January 28, 2025

In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In TBD of TBD, there is a possible use after free due to a race condition

CVE-2024-40670 - January 28, 2025

In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation

CVE-2024-40675 - January 28, 2025

In parseUriInternal of Intent.java, there is a possible infinite loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In Source of ZipFile.java

CVE-2024-40673 - January 28, 2025

In Source of ZipFile.java, there is a possible way for an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check

CVE-2024-40672 - January 28, 2025

In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java

CVE-2024-40677 - January 28, 2025

In shouldSkipForInitialSUW of AdvancedPowerUsageDetail.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In validateSsid of WifiConfigurationUtil.java

CVE-2024-40674 - January 28, 2025

In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition

CVE-2024-34732 - January 28, 2025

In RGXMMUCacheInvalidate of rgxmem.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow

CVE-2024-34733 - January 28, 2025

In DevmemXIntMapPages of devicemem_server.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting

CVE-2024-34748 - January 28, 2025

In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In TBD of TBD, there is a possible use-after-free due to a logic error in the code

CVE-2024-40649 - January 28, 2025

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In TBD of TBD, there is a possible use-after-free due to a logic error in the code

CVE-2024-40651 - January 28, 2025

In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

In TBD of TBD, there is a possible use after free due to a race condition

CVE-2024-40669 - January 28, 2025

In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In checkKeyIntentParceledCorrectly of AccountManagerService.java

CVE-2024-49744 - January 21, 2025

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple functions of AccountManagerService.java

CVE-2024-49724 - January 21, 2025

In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple functions of CompanionDeviceManagerService.java

CVE-2024-49732 - January 21, 2025

In multiple functions of CompanionDeviceManagerService.java, there is a possible way to grant permissions without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion

CVE-2024-49735 - January 21, 2025

In multiple locations, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In applyTaskFragmentOperation of WindowOrganizerController.java

CVE-2024-49737 - January 21, 2025

In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In writeInplace of Parcel.cpp, there is a possible out of bounds write

CVE-2024-49738 - January 21, 2025

In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check

CVE-2024-49745 - January 21, 2025

In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check

CVE-2023-40108 - January 21, 2025

In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In reload of ServiceListing.java, there is a possible way to

CVE-2024-49733 - January 21, 2025

In reload of ServiceListing.java, there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

In setActualDefaultRingtoneUri of RingtoneManager.java

CVE-2023-40132 - January 21, 2025

In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2024-43096 - January 21, 2025

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2024-43770 - January 21, 2025

In gatts_process_find_info of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check

CVE-2024-43771 - January 21, 2025

In gatts_process_read_req of gatt_sr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code

CVE-2024-49747 - January 21, 2025

In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow

CVE-2024-49748 - January 21, 2025

In gatts_process_primary_service_req of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow

CVE-2024-49749 - January 21, 2025

In DGifSlurp of dgif_lib.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code

CVE-2024-34730 - January 21, 2025

In multiple locations, there is a possible bypass of user consent to enabling new Bluetooth HIDs due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code

CVE-2024-43095 - January 21, 2025

In multiple locations, there is a possible way to obtain any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack

CVE-2024-43765 - January 21, 2025

In multiple locations, there is a possible way to obtain access to a folder due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.

In onCreate of NotificationAccessConfirmationActivity.java

CVE-2024-49742 - January 21, 2025

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

In multiple functions of ConnectivityService.java

CVE-2024-49734 - January 21, 2025

In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
