Details of VAR-202505-2448

ID

VAR-202505-2448

CVE

CVE-2025-27701

TITLE

Google Pixel Information Leak Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-11245

DESCRIPTION

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. Google Pixel is a smartphone produced by Google Inc. in the United States. Google Pixel has an information leakage vulnerability that can be exploited by attackers to cause out-of-bounds reading

Trust: 1.44

sources: NVD: CVE-2025-27701 // CNVD: CNVD-2025-11245

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-11245

AFFECTED PRODUCTS

vendor:

google

model:

pixel

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2025-11245

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-27701
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-11245
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-11245
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-27701
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-11245 // NVD: CVE-2025-27701

PROBLEMTYPE DATA

problemtype:

CWE-476

Trust: 1.0

sources: NVD: CVE-2025-27701

PATCH

title:

Patch for Google Pixel Information Leak Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/693846

Trust: 0.6

sources: CNVD: CNVD-2025-11245

EXTERNAL IDS

db:	NVD	id:	CVE-2025-27701	Trust: 1.6
db:	CNVD	id:	CNVD-2025-11245	Trust: 0.6

sources: CNVD: CNVD-2025-11245 // NVD: CVE-2025-27701

REFERENCES

url:

https://source.android.com/security/bulletin/pixel/2025-05-01

Trust: 1.6

sources: CNVD: CNVD-2025-11245 // NVD: CVE-2025-27701

SOURCES

db:	CNVD	id:	CNVD-2025-11245
db:	NVD	id:	CVE-2025-27701

LAST UPDATE DATE

2025-06-04T22:59:18.035000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-11245	date:	2025-06-03T00:00:00
db:	NVD	id:	CVE-2025-27701	date:	2025-05-28T15:01:30.720

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-11245	date:	2025-06-03T00:00:00
db:	NVD	id:	CVE-2025-27701	date:	2025-05-27T16:15:31.390