CVE-2025-36919 is a vulnerability identified in the Android kernel, specifically within the aocc_read function in the aoc_channel_dev.c source file. The root cause is a double free condition triggered by improper locking mechanisms, which can lead to memory corruption. This flaw allows a local attacker, who already has some level of access to the device, to escalate their privileges without needing additional execution privileges or any user interaction. The double free vulnerability can cause the kernel to behave unpredictably, potentially allowing the attacker to execute arbitrary code with elevated privileges or cause a denial of service. Since the vulnerability resides in the kernel, exploitation could compromise the entire device's security, affecting confidentiality, integrity, and availability of data and services. No public exploits have been reported yet, but the vulnerability is serious due to its nature and the critical role of the kernel in device security. The vulnerability was reserved in April 2025 and published in December 2025, but no CVSS score has been assigned yet.

For European organizations, this vulnerability poses a significant risk, especially those with employees or operations relying heavily on Android devices for communication, data access, or operational control. An attacker exploiting this flaw could gain root-level access on affected devices, bypassing security controls and potentially accessing sensitive corporate data, installing persistent malware, or disrupting device functionality. This could lead to data breaches, loss of intellectual property, or operational downtime. The impact is heightened in sectors like finance, healthcare, and critical infrastructure where mobile device security is paramount. Additionally, the lack of required user interaction simplifies exploitation, increasing the risk of widespread compromise. The vulnerability could also undermine trust in mobile device security, affecting compliance with data protection regulations such as GDPR.

Immediate mitigation should focus on monitoring for updates and patches from Google addressing this kernel vulnerability and applying them promptly across all Android devices in the organization. Until patches are available, organizations should enforce strict device usage policies, including limiting local access to devices and employing mobile device management (MDM) solutions to monitor for suspicious activity. Kernel hardening techniques such as enabling Kernel Address Space Layout Randomization (KASLR), Kernel Page Table Isolation (KPTI), and other security features can reduce exploitation likelihood. Regular security audits and endpoint detection and response (EDR) tools should be used to detect anomalous behavior indicative of privilege escalation attempts. Additionally, educating users about the risks of installing untrusted applications or granting unnecessary permissions can reduce the attack surface. For critical environments, consider isolating sensitive workloads from mobile devices until the vulnerability is fully mitigated.