CVE-2025-36919

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to escalate privileges on affected Android devices through a double-free condition in the aocc_read function. It affects Android devices, particularly Google Pixel phones, and requires no user interaction for exploitation. Attackers could gain elevated system privileges from a standard user context.

💻 Affected Systems

Products:
  • Google Pixel phones
  • Android devices with affected kernel components
Versions: Android versions prior to the December 2025 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the aoc_channel_dev.c kernel driver. All devices with vulnerable kernel versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to gain root privileges, install persistent malware, access all user data, and bypass security controls.

🟠 Likely Case

Local privilege escalation allowing attackers to execute arbitrary code with elevated permissions, potentially leading to data theft or further system compromise.

🟢 If Mitigated

Limited impact if devices are fully patched, have strict app sandboxing, and minimal local attack surface.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the device.
🏢 Internal Only: HIGH - Malicious apps or users with physical/network access to devices could exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access but no authentication beyond standard app permissions. Double-free exploitation requires precise timing and memory manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2025 Android security patch or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2025-12-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install December 2025 security patch or later.
3. Reboot device after installation completes.

🔧 Temporary Workarounds

Restrict local access (platform: all)

Limit physical and network access to vulnerable devices to reduce attack surface

App sandbox hardening (platform: android)

Implement strict app permissions and isolation to limit potential exploit vectors

🧯 If You Can't Patch

  • Isolate vulnerable devices from networks and limit user access
  • Implement application allowlisting and restrict installation of untrusted apps

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version. If the patch level is before December 2025, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows December 2025 or later after update installation.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Double-free detection in kernel logs
  • Unexpected privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from system processes post-exploitation

SIEM Query:

source="android_kernel" AND ("double free" OR "aoc_channel_dev" OR privilege_escalation)
