Heap Buffer Overflow in cn_NrmmDecoder.cpp Affects Pixel Devices by Google
CVE-2025-36923

8HIGH

Key Information:

Vendor

Google
Status
Android
Vendor
CVE Published:
11 December 2025

What is CVE-2025-36923?

A vulnerability exists in the NrmmDecoder::DecodeSORTransparentContext function within cn_NrmmDecoder.cpp, which can lead to a potential out of bounds write due to a heap buffer overflow. This may allow an adjacent or remote user to escalate privileges without the need for additional execution privileges. No user interaction is required for exploitation, highlighting the importance of prompt updates and patches to address this security concern.

Affected Version(s)

Android Android kernel

References

https://source.android.com/security/bulletin/pixel/2025-1...

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-36923 : Heap Buffer Overflow in cn_NrmmDecoder.cpp Affects Pixel Devices by Google