CVE-2025-36903
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-04
Last updated on: 2025-09-05
Assigner: Google Devices
Description
Description
In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the lwis_io_buffer_write function where improper input validation can cause an out-of-bounds (OOB) read or write. This means the program may access memory outside the intended buffer, potentially leading to unexpected behavior or security issues.
How can this vulnerability impact me? :
The vulnerability can lead to local escalation of privilege, allowing an attacker with limited privileges to gain higher privileges on the affected system. Exploitation does not require user interaction or additional execution privileges.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70