ASB-A-382243530 — Vulnetix

ASB-A-382243530 PUBLISHED

In multiple functions of quirks.c, there is a possible way to free arbitrary memory due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
Android	:linux_kernel:	:0, Kernel, :0

Exploit Intelligence

USN-7389-1.json (github-poc)
CveImporter.kt (github-poc)
kev.json (github-poc)
data.js (github-poc)
New-SyntheticTelemetry.ps1 (github-poc)
test_02_vulnerabilities.py (github-poc)

Timeline

Apr 1, 2025 CVE Published
May 15, 2026 CVE Updated

References

https://source.android.com/security/bulletin/2025-04-01 advisory
https://android.googlesource.com/kernel/common/+/5486704a6a0c592692efe67461dfa8db51fdc684 patch
https://android.googlesource.com/kernel/common/+/a84242054bec905a3c63d5701256a6f4af6bce81 patch

Open in Interactive Console →