Memory Corruption Vulnerability in Shared Memory Management of Android Products
CVE-2025-36935

7.8HIGH

Key Information:

Vendor: Google
Status: Android
Vendor: CVE Published:; 11 December 2025

What is CVE-2025-36935?

A vulnerability identified in the shared memory management component of Android systems can lead to memory corruption caused by uninitialized data in the function trusty_ffa_mem_reclaim. This flaw allows local applications to potentially escalate privileges, enabling unauthorized access to system resources without requiring user interaction. The issue presents serious security implications for affected devices and highlights the need for timely updates to mitigate risks.

Affected Version(s)

Android Android kernel

References

https://source.android.com/security/bulletin/pixel/2025-1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 11, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Google

What is CVE-2025-36935?

Affected Version(s)

References

CVSS V3.1

Timeline