CVE-2025-20746
04.11.2025, 07:15
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967.Enginsight
| Vendor | Product | Version |
|---|---|---|
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| openwrt | openwrt | 21.02.0 |
| openwrt | openwrt | 23.05.0 |
| zephyrproject | zephyr | 3.7.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.