CVE-2025-27701 | THREATINT

Description

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure.

PUBLISHED Reserved 2025-03-05 | Published 2025-05-27 | Updated 2025-09-04 | Assigner Google_Devices

Problem types

Information disclosure

Product status

Default status

unaffected

Android kernel

affected

References

source.android.com/security/bulletin/pixel/2025-05-01

cve.org (CVE-2025-27701)

nvd.nist.gov (CVE-2025-27701)

Download JSON