CVE-2025-36938
MEDIUMDescription
In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Is your site exposed to CVE-2025-36938?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| android |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-36938? +
How severe is CVE-2025-36938? +
What products are affected by CVE-2025-36938? +
How do I check if I'm vulnerable to CVE-2025-36938? +
Related Vulnerabilities
Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention (DLP) component for Windows allow a local user …
Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed …
Twig is a template language for PHP. Prior to 3.27.0, deprecated internal wrappers in src/Resources/core.php do not forward the current …
Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security …
Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to …
Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not …