CVE-2025-36917

6.5 MEDIUM

📋 TL;DR

This vulnerability in SwDcpItg of up_L2commonPdcpSecurity.cpp allows remote attackers to cause denial of service through an incorrect bounds check. It affects Android Pixel devices and potentially other Android implementations using this component. No user interaction is required for exploitation.

💻 Affected Systems

Products:
  • Google Pixel devices
  • Android implementations using the SwDcpItg component
Versions: Android versions prior to the December 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the PDCP security layer implementation in the cellular network stack

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or service disruption on affected devices, potentially affecting multiple devices in a network if exploited at scale.

🟠 Likely Case: Individual device instability or temporary service interruption requiring reboot to restore functionality.

🟢 If Mitigated: Minimal impact with proper network segmentation and updated devices.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Remote exploitation without authentication makes this particularly dangerous in exposed environments.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2025 Android security patch

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2025-12-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install December 2025 security patch.
3. Reboot device after installation.

🔧 Temporary Workarounds

  • Network segmentation (platform: all): Isolate affected devices from untrusted networks
  • Disable cellular data (platform: android): Temporarily disable cellular connectivity to prevent remote exploitation

🧯 If You Can't Patch

  • Isolate affected devices in separate network segments
  • Implement strict network access controls and monitor for abnormal traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Build number

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'December 1, 2025' or later
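
The patch-level check above, scripted so it can be run against every device attached over adb. This is an added example, not part of the advisory or any vendor tooling; the function names, the `scan` argument and the `FIXED_LEVEL` constant (taken from the 'December 1, 2025' value above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a device by its ro.build.version.security_patch
# value against the fixed patch level stated on this page.
FIXED_LEVEL="2025-12-01"   # 'December 1, 2025' from the Verify Fix Applied step

# classify_patch_level LEVEL -> prints PATCHED, VULNERABLE or UNKNOWN
classify_patch_level() {
    # Strip CR and whitespace that adb shell output can carry.
    level=$(printf '%s' "$1" | tr -d '\r\n\t ')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "UNKNOWN"; return 0 ;;   # empty or malformed property value
    esac
    # YYYY-MM-DD with the hyphens removed compares correctly as an integer.
    have=$(printf '%s' "$level" | tr -d '-')
    need=$(printf '%s' "$FIXED_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo "PATCHED"; else echo "VULNERABLE"; fi
}

# check_connected_devices: one tab-separated line per authorized adb device.
check_connected_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from consuming the loop's device list on stdin.
        raw=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)
        printf '%s\t%s\t%s\n' "$serial" "$raw" "$(classify_patch_level "$raw")"
    done
}

# Query devices only when invoked with "scan" and adb is installed.
if [ "${1:-}" = "scan" ] && command -v adb >/dev/null 2>&1; then
    check_connected_devices
fi
```

Devices reported as UNKNOWN returned an empty or malformed property and need a manual check.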

📡 Detection & Monitoring

Log Indicators:

  • Kernel panics
  • PDCP layer errors
  • Unexpected process terminations in cellular stack

Network Indicators:

  • Abnormal cellular protocol traffic
  • Unexpected connection resets

SIEM Query:

source="android_logs" AND ("PDCP" OR "SwDcpItg") AND ("crash" OR "panic" OR "error")
