Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Total 15289 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-20668 2 Google, Mediatek 8 Android, Mt6878, Mt6897 and 5 more 2026-06-17 N/A 7.8 HIGH
In scp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09625562; Issue ID: MSV-3027.
CVE-2025-20665 2 Google, Mediatek 53 Android, Mt6580, Mt6761 and 50 more 2026-06-17 N/A 5.5 MEDIUM
In devinfo, there is a possible information disclosure due to a missing SELinux policy. This could lead to local information disclosure of device identifier with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09555228; Issue ID: MSV-2760.
CVE-2025-20662 2 Google, Mediatek 2 Android, Mt9972 2026-06-17 N/A 6.7 MEDIUM
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04428276; Issue ID: MSV-3184.
CVE-2025-20661 2 Google, Mediatek 2 Android, Mt9972 2026-06-17 N/A 6.7 MEDIUM
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3185.
CVE-2025-20660 2 Google, Mediatek 2 Android, Mt9972 2026-06-17 N/A 6.7 MEDIUM
In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186.
CVE-2025-20658 2 Google, Mediatek 19 Android, Mt2718, Mt6781 and 16 more 2026-06-17 N/A 6.0 MEDIUM
In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.
CVE-2025-20657 2 Google, Mediatek 14 Android, Mt6765, Mt6768 and 11 more 2026-06-17 N/A 6.7 MEDIUM
In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.
CVE-2025-20656 5 Google, Linuxfoundation, Mediatek and 2 more 20 Android, Yocto, Mt6781 and 17 more 2026-06-17 N/A 6.8 MEDIUM
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.
CVE-2025-20655 2 Google, Mediatek 2 Android, Mt9972 2026-06-17 N/A 5.3 MEDIUM
In keymaster, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04427687; Issue ID: MSV-3183.
CVE-2025-20653 2 Google, Mediatek 15 Android, Mt6781, Mt6789 and 12 more 2026-06-17 N/A 6.5 MEDIUM
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.
CVE-2025-20652 2 Google, Mediatek 45 Android, Mt6580, Mt6739 and 42 more 2026-06-17 N/A 4.6 MEDIUM
In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.
CVE-2025-20651 5 Google, Linuxfoundation, Mediatek and 2 more 25 Android, Yocto, Mt2737 and 22 more 2026-06-17 N/A 4.1 MEDIUM
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.
CVE-2025-20650 5 Google, Linuxfoundation, Mediatek and 2 more 25 Android, Yocto, Mt2737 and 22 more 2026-06-17 N/A 6.8 MEDIUM
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.
CVE-2025-20648 2 Google, Mediatek 10 Android, Mt2718, Mt6879 and 7 more 2026-06-17 N/A 5.5 MEDIUM
In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09456673; Issue ID: MSV-2584.
CVE-2025-20645 2 Google, Mediatek 15 Android, Mt6765, Mt6768 and 12 more 2026-06-17 N/A 7.8 HIGH
In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09475476; Issue ID: MSV-2599.
CVE-2025-20643 2 Google, Mediatek 44 Android, Mt6739, Mt6761 and 41 more 2026-06-17 N/A 3.9 LOW
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.
CVE-2025-20642 2 Google, Mediatek 44 Android, Mt6739, Mt6761 and 41 more 2026-06-17 N/A 6.6 MEDIUM
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2057.
CVE-2025-20641 2 Google, Mediatek 44 Android, Mt6739, Mt6761 and 41 more 2026-06-17 N/A 6.6 MEDIUM
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2058.
CVE-2025-20640 2 Google, Mediatek 44 Android, Mt6739, Mt6761 and 41 more 2026-06-17 N/A 4.3 MEDIUM
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2059.
CVE-2025-20639 2 Google, Mediatek 44 Android, Mt6739, Mt6761 and 41 more 2026-06-17 N/A 6.6 MEDIUM
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.