Out of Bounds Write Vulnerability in Android Kernel by Google
CVE-2025-48637

7.8HIGH

Key Information:

Vendor

Google
Status
Android
Vendor
CVE Published:
8 December 2025

What is CVE-2025-48637?

In multiple functions within the mem_protect.c file of the Android Kernel, an out of bounds write vulnerability exists due to an integer overflow. This issue may allow attackers to escalate privileges locally without the need for additional execution rights. Furthermore, the exploitation of this vulnerability does not require user interaction, presenting a significant risk to the security of systems utilizing affected versions of the Android Kernel.

Affected Version(s)

Android Android kernel

References

https://android.googlesource.com/kernel/common/+/4cfc9c2d...
https://android.googlesource.com/kernel/common/+/aff2255d...
https://source.android.com/security/bulletin/2025-12-01

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-48637 : Out of Bounds Write Vulnerability in Android Kernel by Google