CVE-2025-27701

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://source.android.com/security/bulletin/pixel/2025-05-01

Configurations

No configuration.

History

28 May 2025, 15:01

Type	Values Removed	Values Added
Summary		(es) En la función process_crypto_cmd, los valores de ptrs[i] pueden ser potencialmente iguales a NULL, que es un valor válido después de llamar a slice_map_array(). Posteriormente, estos valores se desreferenciarán sin una comprobación previa de NULL, lo que puede provocar una denegación de servicio temporal local o una lectura fuera de banda, lo que conlleva la divulgación de información.

27 May 2025, 19:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-476

27 May 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-27 16:15

Updated : 2025-05-28 15:01

NVD link : CVE-2025-27701

Mitre link : CVE-2025-27701

CVE.ORG link : CVE-2025-27701

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

5.5 /10