Android AOSP

HIGH (7.8)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 0%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The Android Open Source Project (AOSP) is the open-source software development repository for the Android operating system. This vulnerability affects the GetHostAddress function in gxp_buffer.h, allowing an attacker to execute arbitrary code on the device with no additional execution privileges needed.

Am I affected?

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

How to fix

Upgrade to the latest AOSP release: https://source.android.com/security/bulletin/pixel/2025-12-01

If an immediate upgrade isn't possible:
- Restrict network access to your device (firewall it from the public internet)
- Audit admin account activity for suspicious access patterns
- Monitor for unauthorized token creation
