- Android OS patch levels prior to 2026-3-5
- Large and medium government entities: High
- Small government entities: Medium
- Large and medium business entities: High
- Small business entities: Medium
- Multiple vulnerabilities in Framework that could allow for elevation of privilege. (CVE-2026-0047, CVE-2025-32313, CVE-2025-48544, CVE-2025-48567, CVE-2025-48568, CVE-2025-48574, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48582, CVE-2025-48605, CVE-2025-48619, CVE-2025-48634, CVE-2025-48635, CVE-2025-48645, CVE-2025-48646, CVE-2025-48654, CVE-2026-0007, CVE-2026-0008, CVE-2026-0010, CVE-2026-0011, CVE-2026-0013, CVE-2026-0020, CVE-2026-0023, CVE-2026-0026, CVE-2026-0034)
- A vulnerability in System that could allow for remote code execution. (CVE-2026-0006)
- Multiple vulnerabilities in System that could allow for elevation of privilege. (CVE-2025-48602, CVE-2025-48641, CVE-2025-48650, CVE-2025-48653, CVE-2026-0017, CVE-2026-0021, CVE-2026-0035)
- Multiple vulnerabilities in Kernel that could allow for elevation of privilege. (CVE-2024-43859, CVE-2026-0037, CVE-2026-0038, CVE-2025-38616, CVE-2025-38618, CVE-2025-39682, CVE-2025-39946, CVE-2026-0029, CVE-2026-0027, CVE-2026-0028, CVE-2026-0030, CVE-2026-0031, CVE-2025-39946, CVE-2025-40266, CVE-2026-0032)
- A vulnerability in Arm components. (CVE-2025-2879)
- Multiple vulnerabilities in Qualcomm components. (CVE-2025-47388, CVE-2025-47394, CVE-2025-47396, CVE-2025-47397, CVE-2025-47398, CVE-2025-59600, CVE-2026-21385)
- Multiple vulnerabilities in Qualcomm closed-source components. (CVE-2025-47339, CVE-2025-47346, CVE-2025-47348, CVE-2025-47366, CVE-2025-47378, CVE-2025-47385, CVE-2025-47395, CVE-2025-47402)
- Multiple vulnerabilities in Framework that could allow for information disclosure. (CVE-2025-48630, CVE-2026-0012, CVE-2026-0025)
- Multiple vulnerabilities in Framework that could allow for denial of service. (CVE-2025-48644, CVE-2026-0014, CVE-2026-0015)
- Multiple vulnerabilities in System that could allow for denial of service. (CVE-2025-48631, CVE-2025-48585, CVE-2025-48587, CVE-2025-48609)
- Multiple vulnerabilities in System that could allow for information disclosure. (CVE-2024-43766, CVE-2025-48642, CVE-2025-64783, CVE-2025-64784, CVE-2025-64893, CVE-2026-0005, CVE-2026-0024)
- Multiple vulnerabilities in Imagination Technologies components. (CVE-2025-10865, CVE-2025-13952, CVE-2025-58407, CVE-2025-58408, CVE-2025-58409, CVE-2025-58411, CVE-2026-21735)
- Multiple vulnerabilities in MediaTek components. (CVE-2025-20795, CVE-2026-20425, CVE-2026-20426, CVE-2026-20427, CVE-2026-20428, CVE-2026-20434, CVE-2025-20760, CVE-2025-20761, CVE-2025-20762, CVE-2025-20793, CVE-2025-20794, CVE-2026-20401, CVE-2026-20402, CVE-2026-20403, CVE-2026-20404, CVE-2026-20405, CVE-2026-20406, CVE-2026-20420, CVE-2026-20421, CVE-2026-20422)
- Multiple vulnerabilities in Unisoc components. (CVE-2025-61612, CVE-2025-61613, CVE-2025-61614, CVE-2025-61615, CVE-2025-61616, CVE-2025-69278, CVE-2025-69279)
- Apply appropriate patches provided by Google to vulnerable systems, immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Safeguard 7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets: Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources. (M1017: User Training)
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Apple? System Integrity Protection (SIP) and Gatekeeper™.
REFERENCES:
Google: https://source.android.com/<wbr />docs/security/bulletin/2026/<wbr />2026-03-01#framework CVE: https://cve.mitre.org/cgi-bin/<wbr />cvename.cgi?name=CVE-2025-<wbr />32313 https://cve.mitre.org/cgi-bin/<wbr />cvename.cgi?name=CVE-2025-<wbr />48544
