Local Temporary DoS and OOB Read in Pixel Devices by Android
CVE-2025-27701

5.5MEDIUM

Key Information:

Vendor

Google

Status
Vendor
CVE Published:
27 May 2025

What is CVE-2025-27701?

A vulnerability in the process_crypto_cmd function of Pixel devices allows for potential null pointer dereferencing. This occurs when pointers returned from slice_map_array() are not properly checked for null values before being dereferenced, leading to local temporary denial of service (DoS) and out-of-bounds (OOB) read situations. This flaw can ultimately result in information disclosure, posing a risk to sensitive user data.

Affected Version(s)

Android Android kernel

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.