Google’s new Android update patches 107 vulnerabilities, including two already exploited in the wild, across system, kernel, and major vendor components.
December’s Android update offers two patch levels (12-01, 12-05) for faster fixes across devices.
The two high-severity vulnerabilities that are “under limited, targeted exploitation” are:
As usual, Google did not provide technical details about the attacks exploiting the above vulnerabilities.
The tech giant also addressed the following critical vulnerabilities in the kernel component:
| CVE | References | Type | Severity | Subcomponent |
|---|---|---|---|---|
| CVE-2025-48623 | A-436580278 Upstream kernel [2] | EoP | Critical | pKVM |
| CVE-2025-48624 | A-443053939 Upstream kernel | EoP | Critical | IOMMU |
| CVE-2025-48637 | A-443763663 Upstream kernel [2] | EoP | Critical | pKVM |
| CVE-2025-48638 | A-442540376 Upstream kernel [2] | EoP | Critical | pKVM |
It also fixed the following critical vulnerabilities in Qualcomm closed-source components:
| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2025-47319 | A-421905250* | Critical | Closed-source component |
| CVE-2025-47372 | A-442619421* | Critical | Closed-source component |
“The most severe of these issues is a critical security vulnerability in the Framework component that could lead to remote denial of service with no additional execution privileges needed,” reads the advisory published by Google. “The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.”
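For fleet triage, the actionable value in a bulletin with two patch levels is the device's reported `ro.build.version.security_patch` compared against the level that carries each fix. The script below is an added example, not from the article or from Google; the issue list is constructed from the two tables above, the year 2025 is assumed from the CVE identifiers, and placing the kernel and Qualcomm issues at the later (-05) level follows the usual bulletin layout rather than anything the article states.

```python
from datetime import date
from typing import NamedTuple


class Issue(NamedTuple):
    cve: str
    subcomponent: str
    severity: str
    level: str  # security patch level (YYYY-MM-DD) that carries the fix


# Constructed from the two tables in the article. Year and level assignment
# are assumptions (see lead-in); the page itself gives only "12-01"/"12-05".
ISSUES = [
    Issue("CVE-2025-48623", "pKVM", "Critical", "2025-12-05"),
    Issue("CVE-2025-48624", "IOMMU", "Critical", "2025-12-05"),
    Issue("CVE-2025-48637", "pKVM", "Critical", "2025-12-05"),
    Issue("CVE-2025-48638", "pKVM", "Critical", "2025-12-05"),
    Issue("CVE-2025-47319", "Qualcomm closed-source", "Critical", "2025-12-05"),
    Issue("CVE-2025-47372", "Qualcomm closed-source", "Critical", "2025-12-05"),
]


def parse_level(level: str) -> date:
    """Parse a full patch level such as '2025-12-05'; reject short or garbled forms."""
    parts = level.strip().split("-")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a security patch level: {level!r}")
    return date(int(parts[0]), int(parts[1]), int(parts[2]))


def outstanding(device_level: str, issues=ISSUES) -> list[Issue]:
    """Issues whose fix level is newer than the level the device reports."""
    have = parse_level(device_level)
    return [i for i in issues if parse_level(i.level) > have]


def triage(device_level: str) -> dict:
    """Per-device summary: outstanding CVEs grouped by subcomponent."""
    missing = outstanding(device_level)
    by_sub: dict[str, list[str]] = {}
    for i in missing:
        by_sub.setdefault(i.subcomponent, []).append(i.cve)
    return {"device_level": device_level, "outstanding": by_sub,
            "up_to_date": not missing}


if __name__ == "__main__":
    # Value as reported by: adb shell getprop ro.build.version.security_patch
    for lvl in ("2025-11-05", "2025-12-01", "2025-12-05"):
        print(triage(lvl))
```

A device on the 12-01 level still lacks every kernel and Qualcomm fix in the tables under this layout, which is why the -05 level is the one to require for hardware-dependent builds.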
(SecurityAffairs – hacking, Google)