CVE-2025-36924
BaseFortify
Publication date: 2025-12-11
Last updated on: 2025-12-12
Assigner: Google Devices
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Users should update their devices to the latest security patch level, specifically the December 5, 2025 patch or later, which includes fixes for vulnerabilities affecting Google Pixel devices. Applying the latest firmware updates from the Google Developer site is recommended to mitigate this and related security issues. [1]
Can you explain this vulnerability to me?
This vulnerability is an out of bounds write in the function ss_DecodeLcsAssistDataReqMsg(void) within the ss_LcsManagement.c file. It occurs due to an incorrect bounds check, which means the program writes data outside the intended memory area. This flaw can be exploited remotely by an attacker who is nearby or adjacent, allowing them to escalate their privileges without needing any additional execution privileges or user interaction.
How can this vulnerability impact me? :
The vulnerability can allow a remote attacker in close proximity to escalate their privileges on the affected system without requiring user interaction or additional execution privileges. This could lead to unauthorized access or control over system functions, potentially compromising system security and integrity.