—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple vulnerabilities in Google Android 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Google Android versions 13, 14, 15, 16.

Overview

Multiple vulnerabilities have been reported in Google Android, which could allow a remote attacker to gain elevated privileges, obtain sensitive information or cause denial of service (DoS) on the targeted system.

Target Audience:

All OEMs and users of Google Android

Risk Assessment:

High risk of full system compromise, system instability, or sensitive data exposure.

Impact Assessment:

Elevation of privileges, memory corruption, discloses sensitive information, denial of service (DoS).

Description

Android is an open-source operating system primarily designed for mobile devices, including smart phones, tablets, smart watches, and other embedded system.

Multiple vulnerabilities exist in Google Android due to flaws in the Android bug ID, Qualcomm reference number, MediaTek reference number, NVIDIA reference number, Broadcom reference number, UNISOC reference number.

Successful exploitation of these vulnerabilities could allow a remote attacker to gain elevated privileges, obtain sensitive information or cause denial of service (DoS) on the targeted system.

Solution

Apply appropriate updates when made available by respective OEMs.

https://source.android.com/docs/security/bulletin/2025-12-01

Vendor Information

Google Android

https://source.android.com/docs/security/bulletin/2025-12-01

References

Google Android

https://source.android.com/docs/security/bulletin/2025-12-01

CVE Name

CVE-2023-40130

CVE-2024-35970

CVE-2025-22420

CVE-2025-22432

CVE-2025-32319

CVE-2025-32328

CVE-2025-32329

CVE-2025-38236

CVE-2025-38349

CVE-2025-38500

CVE-2025-48525

CVE-2025-48536

CVE-2025-48555

CVE-2025-48564

CVE-2025-48565

CVE-2025-48566

CVE-2025-48572

CVE-2025-48573

CVE-2025-48575

CVE-2025-48576

CVE-2025-48580

CVE-2025-48583

CVE-2025-48584

CVE-2025-48586

CVE-2025-48588

CVE-2025-48589

CVE-2025-48590

CVE-2025-48591

CVE-2025-48592

CVE-2025-48594

CVE-2025-48596

CVE-2025-48597

CVE-2025-48598

CVE-2025-48599

CVE-2025-48600

CVE-2025-48601

CVE-2025-48603

CVE-2025-48604

CVE-2025-48607

CVE-2025-48610

CVE-2025-48612

CVE-2025-48614

CVE-2025-48615

CVE-2025-48617

CVE-2025-48618

CVE-2025-48620

CVE-2025-48621

CVE-2025-48622

CVE-2025-48623

CVE-2025-48624

CVE-2025-48626

CVE-2025-48627

CVE-2025-48628

CVE-2025-48629

CVE-2025-48631

CVE-2025-48632

CVE-2025-48633

CVE-2025-48637

CVE-2025-48638

CVE-2025-48639

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkwS7IACgkQ3jCgcSdc

ys/GIBAAngbhHDvICqi3Ngw7xxDroXNx19aeVPvtykVkt4jRpEr2x6ujQx9IOXAQ

tDVkFh8l5qXGirdCQqx7sUzTGgFuMbM/Ucm8Q4Fb4H5eNHzKQmjPk3UKfgbY8KQF

3oMkqW4tZeAIxhWyuNksWN7QGNZrgCG2RZfhgqJOaZE7CnQbcQA1vXtk74Xco4BX

XQvtOnoBdZMhYds7YBBTVlFJip8nXQHhfjQt2YSGqZk+wGP8ih07py0qO6L2oXc0

Pzqq25JTVkym1sJHqW3CoxExxRZ1gRWaKuPQ+H0vr6Qxqtf8WlKLVyWkk1V3cujE

+lSt69aniaxi/ST/ossCdJAtRXEDikf+HPCEJE1JKnrRd8grIMaD2itPxj4EkUcx

Y7iMAS1zcYJ/nD/LaEeVwnfcRu46YsDP2AYpVEtBbO5V8+5CcyxFOMT+j9RSL+Rj

VFcf+xU/9azmPCI6Ur52UypogRH+RbfNlRBfbvpkRq4E9oAeZOYCJX5FEv/WLo7g

N7RhYIKI7Re5b346oXHRN73fvktv1Njv8rXzNZcatnvWUx33n0o2X0ktxHlVQo9U

2PbMbJow7sXH7ijoN1VcQC9JOC3cU3vAL6O3pOebN0Em8R8vNB8GaIZMR0Be1MJq

eM1YoCcEz4EWNxQdNriYoO0PWWjwEGm8ufgXnf3sBMF6GmPN5T4=

=+GFS

—–END PGP SIGNATURE—–