CVE-2025-20765
02.12.2025, 03:16
In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.
| Vendor | Product | Version |
|---|---|---|
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| android | 16.0 | |
| openwrt | openwrt | 21.02.0 |
| openwrt | openwrt | 23.05.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-415 - Double FreeThe product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.