Multiple vulnerabilities in Google Android



| Updated: 2025-02-05
Risk High
Patch available YES
Number of vulnerabilities 36
CVE-ID CVE-2024-45569
CVE-2024-38420
CVE-2024-38404
CVE-2024-49843
CVE-2024-49839
CVE-2024-49834
CVE-2024-49833
CVE-2024-49832
CVE-2024-45582
CVE-2024-45571
CVE-2024-53104
CVE-2024-52935
CVE-2024-47892
CVE-2024-46973
CVE-2024-43705
CVE-2025-0015
CVE-2025-0088
CVE-2024-49729
CVE-2025-0091
CVE-2025-0094
CVE-2024-49741
CVE-2025-0100
CVE-2025-0099
CVE-2025-0097
CVE-2024-49746
CVE-2024-49743
CVE-2024-49721
CVE-2025-0098
CVE-2024-49723
CVE-2025-0096
CVE-2025-0095
CVE-2025-20634
CVE-2024-20141
CVE-2024-20142
CVE-2025-20635
CVE-2025-20636
CWE-ID CWE-129
CWE-119
CWE-126
CWE-416
CWE-787
CWE-264
CWE-362
CWE-200
CWE-20
CWE-123
Exploitation vector Network
Public exploit Vulnerability #11 is being exploited in the wild.
Vulnerable software
Google Android
Operating systems & Components / Operating system

Vendor Google

Security Bulletin

This security bulletin contains information about 36 vulnerabilities.

1) Improper Validation of Array Index

EUVDB-ID: #VU103523

Risk: High

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-45569

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU103518

Risk: Low

CVSSv4.0: N/A

CVE-ID: CVE-2024-38420

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error while configuring a Hypervisor based input virtual device. A local user can trigger memory corruption and execute arbitrary code on the target system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer over-read

EUVDB-ID: #VU103517

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-38404

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in Multi Mode Call Processor. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Validation of Array Index

EUVDB-ID: #VU103532

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49843

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics_Linux. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer over-read

EUVDB-ID: #VU103531

Risk: High

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-49839

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN Host Cmn. A remote attacker can read and manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Validation of Array Index

EUVDB-ID: #VU103529

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49834

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Validation of Array Index

EUVDB-ID: #VU103528

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49833

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper Validation of Array Index

EUVDB-ID: #VU103527

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49832

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Validation of Array Index

EUVDB-ID: #VU103525

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45582

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Camera Driver. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use After Free

EUVDB-ID: #VU103524

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45571

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN Host Communication. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds write

EUVDB-ID: #VU101102

Risk: High

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:]

CVE-ID: CVE-2024-53104

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the uvc_parse_format() function in drivers/media/usb/uvc/uvc_driver.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

12) Out-of-bounds write

EUVDB-ID: #VU103558

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-52935

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a guest OS to execute arbitrary code.

The vulnerability exists due to a boundary error when processing untrusted input. Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest’s virtualised GPU memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU103557

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47892

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error of kernel memory in PMRUnlockPhysAddressesOSMem for on-demand non-4KB PMRs in system memory (UMA). A local user can conduct GPU system calls to read and write freed physical memory from the GPU.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU103556

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46973

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local process to escalate privileges on the system.

The vulnerability exists due to a reference count mismanagement in psServerMMUContext . A local process can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU103555

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43705

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local process to overwrite read-only memory.

The vulnerability exists due to improper privilege management in PVRSRVBridgePhysmemWrapExtMem. A local process can write to arbitrary read-only system files that have been mapped into application memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU103506

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0015

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a use-after-free error. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Race condition

EUVDB-ID: #VU103554

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0088

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in SPF. A local user can exploit the race and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: before 12L 2025-02-05, 12 2025-02-05, 13 2025-02-05, 14 2025-02-05, 15 2025-02-05

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01#spl-details


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information exposure

EUVDB-ID: #VU103553

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49729

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-02-01, 12L 2025-02-01, 13 2025-02-01, 14 2025-02-01, 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/system/core/+/a1b00e3f3412c6de6fddb53e603264deb248dace
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU103549

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0091

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-02-01, 12L 2025-02-01, 13 2025-02-01, 14 2025-02-01, 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/packages/apps/Settings/+/e3bbc415adb51975aeade545725b6931099d412e
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU103548

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0094

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Platform component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-02-01, 12L 2025-02-01, 13 2025-02-01, 14 2025-02-01, 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/packages/apps/Settings/+/c86bccb4e1d3af30e7e89310a3f176091eb497ef
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU103547

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49741

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-02-01, 12L 2025-02-01, 13 2025-02-01, 14 2025-02-01, 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/047bc1ce62f84aa0bd5827b49edb330e1cc2da8b
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Information exposure

EUVDB-ID: #VU103546

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0100

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-02-01, 12L 2025-02-01, 13 2025-02-01, 14 2025-02-01, 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/0e462ffab7727e282af15945aeecdb9b1709e4e9
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU103545

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0099

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/7946586c33503bc383403faec48ffcea39e365ac
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU103543

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/a4a8fca641b0671a8c1d2bb3857dc5fc40d01704
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU103542

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49746

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-02-01, 12L 2025-02-01, 13 2025-02-01, 14 2025-02-01, 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/native/+/9aaf913c6f0efc93e805a6baa02d2077108809e1
http://android.googlesource.com/platform/frameworks/native/+/b3cdb06ab9137a67e4ee212ae6655de383fdaaaa
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU103541

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49743

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-02-01, 12L 2025-02-01, 13 2025-02-01, 14 2025-02-01, 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/72a3d2d72c39fd48f0a960a1b3c1e16e307421df
http://android.googlesource.com/platform/frameworks/base/+/b8a1a5d47c3916fe08deefaefd8772092b4fb03c
http://android.googlesource.com/platform/frameworks/base/+/f1fd60bb80f9ea95c61b5392102a4afedd948188
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU103540

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49721

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 12 2025-02-01, 12L 2025-02-01, 13 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/7714ccb85ed961083dcc97e230c71242c3422b5e
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU103544

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0098

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/frameworks/base/+/9515a9448c528d45c9b673e2e9b61971bc7e58c1
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Information exposure

EUVDB-ID: #VU103552

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49723

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/external/conscrypt/+/79117043c54eb2fc91ece695c90938d60904d59f
http://android.googlesource.com/platform/libcore/+/c9d01a45928e0cdd2e6102c1c0ecf23a9de3601f
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU103551

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0096

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/hardware/st/nfc/+/58728fc8363b3b073f1561b253da4a42998fed11
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU103550

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-0095

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Google Android: before 14 2025-02-01, 15 2025-02-01

CPE2.3
External links

http://android.googlesource.com/platform/packages/apps/Settings/+/4b99ae729036d9d8bb75fa9503c10e7c87b27c2c
http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds write

EUVDB-ID: #VU103562

Risk: High

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2025-20634

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Modem. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 1.0 - 15 2025-02-01

CPE2.3 External links

http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Write-what-where Condition

EUVDB-ID: #VU103566

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20141

CWE-ID: CWE-123 - Write-what-where Condition

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 1.0 - 15 2025-02-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds write

EUVDB-ID: #VU103567

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-20142

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 1.0 - 15 2025-02-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds write

EUVDB-ID: #VU103563

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20635

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 1.0 - 15 2025-02-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds write

EUVDB-ID: #VU103564

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20636

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to a missing bounds check within secmem. A local application can execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Google Android: 1.0 - 15 2025-02-01

CPE2.3
External links

http://source.android.com/docs/security/bulletin/2025-02-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###