Sign-up

ID

VAR-202505-2448


CVE

CVE-2025-27701


TITLE

Google  of  Android  In  NULL  Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-009992

DESCRIPTION

In the function process_crypto_cmd, the values of ptrs[i] can be potentially equal to NULL which is valid value after calling slice_map_array(). Later this values will be derefenced without prior NULL check, which can lead to local Temporary DoS or OOB Read, leading to information disclosure. Google of Android for, NULL There is a vulnerability in pointer dereference.Information may be obtained. Google Pixel is a smartphone produced by Google Inc. in the United States. Google Pixel has an information leakage vulnerability that can be exploited by attackers to cause out-of-bounds reading

Trust: 2.16

sources: NVD: CVE-2025-27701 // JVNDB: JVNDB-2025-009992 // CNVD: CNVD-2025-11245

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11245

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:eqversion: -

Trust: 1.8

vendor:googlemodel:androidscope: - version: -

Trust: 0.8

vendor:googlemodel:pixelscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2025-11245 // JVNDB: JVNDB-2025-009992 // NVD: CVE-2025-27701

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-27701
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-009992
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2025-11245
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-11245
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-27701
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-009992
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-11245 // JVNDB: JVNDB-2025-009992 // NVD: CVE-2025-27701

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.0

problemtype:NULL Pointer dereference (CWE-476) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009992 // NVD: CVE-2025-27701

PATCH

title:Patch for Google Pixel Information Leak Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/693846

Trust: 0.6

sources: CNVD: CNVD-2025-11245

EXTERNAL IDS

db:NVDid:CVE-2025-27701

Trust: 3.2

db:JVNDBid:JVNDB-2025-009992

Trust: 0.8

db:CNVDid:CNVD-2025-11245

Trust: 0.6

sources: CNVD: CNVD-2025-11245 // JVNDB: JVNDB-2025-009992 // NVD: CVE-2025-27701

REFERENCES

url:https://source.android.com/security/bulletin/pixel/2025-05-01

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2025-27701

Trust: 0.8

sources: CNVD: CNVD-2025-11245 // JVNDB: JVNDB-2025-009992 // NVD: CVE-2025-27701

SOURCES

db:CNVDid:CNVD-2025-11245
db:JVNDBid:JVNDB-2025-009992
db:NVDid:CVE-2025-27701

LAST UPDATE DATE

2025-07-29T23:07:20.079000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-11245date:2025-06-03T00:00:00
db:JVNDBid:JVNDB-2025-009992date:2025-07-28T06:27:00
db:NVDid:CVE-2025-27701date:2025-07-24T15:11:57.320

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-11245date:2025-06-03T00:00:00
db:JVNDBid:JVNDB-2025-009992date:2025-07-28T00:00:00
db:NVDid:CVE-2025-27701date:2025-05-27T16:15:31.390