SB2025040766 - Multiple vulnerabilities in Google Android
Published: April 7, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 57 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2025-20655)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within keymaster. A local application can gain access to sensitive information.
2) Buffer over-read (CVE-ID: CVE-2025-21448)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
3) Buffer over-read (CVE-ID: CVE-2024-45552)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Data Network Stack & Connectivity. A remote attacker can read and manipulate data.
4) Exposure of Sensitive System Information to an Unauthorized Control Sphere (CVE-ID: CVE-2024-45549)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in KERNEL. A local application can read and manipulate data.
5) Exposed Dangerous Method or Function (CVE-ID: CVE-2024-43065)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in HLOS. A local application can read and manipulate data.
6) Insufficient Granularity of Access Control (CVE-ID: CVE-2024-33058)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local privileged application can execute arbitrary code.
7) Weak Authentication (CVE-ID: CVE-2024-45551)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation in HLOS. A local application can gain access to sensitive information.
8) Use After Free (CVE-ID: CVE-2025-21436)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in DSP Service. A local application can execute arbitrary code.
9) Buffer over-read (CVE-ID: CVE-2025-21435)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can perform a denial of service (DoS) attack.
10) Buffer over-read (CVE-ID: CVE-2025-21434)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
11) Buffer over-read (CVE-ID: CVE-2025-21430)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
12) Buffer over-read (CVE-ID: CVE-2025-21429)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Host. A remote attacker can perform a denial of service (DoS) attack.
13) Use After Free (CVE-ID: CVE-2024-49848)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in DSP Service. A local privileged application can execute arbitrary code.
14) Use After Free (CVE-ID: CVE-2024-43066)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in HLOS. A local application can execute arbitrary code.
15) Out-of-bounds write (CVE-ID: CVE-2025-20658)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a logic error within DA. A local application can execute arbitrary code.
16) Use-after-free (CVE-ID: CVE-2024-50264)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the virtio_transport_destruct() function in net/vmw_vsock/virtio_transport_common.c. A local user can escalate privileges on the system.
17) Use-after-free (CVE-ID: CVE-2024-46972)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a reference count overflow in pvr_sync_rollback_export_fence. A local application can trigger a use-after-free error and escalate privileges on the system.
18) Out-of-bounds write (CVE-ID: CVE-2024-53197)
The vulnerability allows a local user to compromise the affected system.
The vulnerability exists due to an out-of-bounds write error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited against Android devices.
19) Use-after-free (CVE-ID: CVE-2024-56556)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the binder_txns_pending_ilocked() and binder_add_freeze_work() functions in drivers/android/binder.c. A local user can escalate privileges on the system.
20) Out-of-bounds read (CVE-ID: CVE-2024-53150)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the DESC_LENGTH_CHECK(), validate_clock_source() and validate_clock_selector() functions in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.
21) Buffer overflow (CVE-ID: CVE-2025-0050)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
22) Improper privilege management (CVE-ID: CVE-2024-43702)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to MLIST/PM render state buffers writable. A local application can write data to arbitrary kernel memory pages.
23) Use-after-free (CVE-ID: CVE-2024-43703)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to duplicate calls to RGXCreateFreeList. A local application can trigger a use-after-free error and execute arbitrary code with elevated privileges.
24) Out-of-bounds write (CVE-ID: CVE-2024-47897)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in VRSRVRGXGetEnabledHWPerfBlocksKM. A local application can trigger an out-of-bounds write and execute arbitrary code on the system.
25) Out-of-bounds write (CVE-ID: CVE-2025-20657)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within vdec. A local application can execute arbitrary code.
26) Out-of-bounds write (CVE-ID: CVE-2024-52936)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in rgxfw_hwperf_config. Kernel software installed on Guest VM can post improper commands to the GPU Firmware to write data outside the Guest’s virtualised GPU memory.
27) Out-of-bounds write (CVE-ID: CVE-2024-52937)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the rgxfw_kernel_CMD_DISABLE_ZSSTORE() function. Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest’s virtualised GPU memory.
28) Out-of-bounds write (CVE-ID: CVE-2024-52938)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the rgxfw_pm_add_freelist_for_reconstruction() function. Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest’s virtualised GPU memory.
29) Out-of-bounds read (CVE-ID: CVE-2024-47894)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
30) Out-of-bounds read (CVE-ID: CVE-2024-47895)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
31) Out-of-bounds write (CVE-ID: CVE-2025-20656)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within DA. A local application can execute arbitrary code.
32) Improper input validation (CVE-ID: CVE-2025-22427)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
33) Improper input validation (CVE-ID: CVE-2025-22435)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
34) Improper input validation (CVE-ID: CVE-2025-22418)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
35) Improper input validation (CVE-ID: CVE-2024-49730)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
36) Improper input validation (CVE-ID: CVE-2024-49720)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
37) Improper input validation (CVE-ID: CVE-2024-40653)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
38) Improper input validation (CVE-ID: CVE-2025-22428)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
39) Improper input validation (CVE-ID: CVE-2025-22419)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
40) Improper input validation (CVE-ID: CVE-2025-22433)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
41) Improper input validation (CVE-ID: CVE-2025-22439)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
42) Improper input validation (CVE-ID: CVE-2025-22431)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
43) Information exposure (CVE-ID: CVE-2025-22421)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
44) Information exposure (CVE-ID: CVE-2024-49722)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
45) Improper input validation (CVE-ID: CVE-2025-22442)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
46) Improper input validation (CVE-ID: CVE-2025-22437)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
47) Improper input validation (CVE-ID: CVE-2025-22434)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
48) Improper input validation (CVE-ID: CVE-2025-22424)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
49) Improper input validation (CVE-ID: CVE-2025-22426)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
50) Improper input validation (CVE-ID: CVE-2025-22417)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
51) Improper input validation (CVE-ID: CVE-2025-22416)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
52) Information exposure (CVE-ID: CVE-2025-22429)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
53) Improper input validation (CVE-ID: CVE-2025-22438)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
54) Improper input validation (CVE-ID: CVE-2025-22422)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
55) Improper input validation (CVE-ID: CVE-2025-22423)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
56) Information exposure (CVE-ID: CVE-2025-22430)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
57) Improper input validation (CVE-ID: CVE-2025-26416)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
Remediation
Install update from vendor's website.