In February 2025, Google rolled out Android security updates that addressed a total of 48 vulnerabilities, with one critical flaw that was actively being exploited in the wild. The zero-day vulnerability, identified as CVE-2024-53104, was disclosed by Google in its bulletin, indicating that it may be under limited, targeted exploitation.
The vulnerability in question is a privilege escalation security flaw in the Kernel’s USB Video Class driver, which could allow an authenticated local attacker to elevate privileges through low-complexity attacks. The issue arises from the improper parsing of UVC_VS_UNDEFINED frames, leading to miscalculation of the frame buffer size and potentially enabling arbitrary code execution or denial-of-service attacks.
According to the advisory, the Linux kernel has addressed this vulnerability by skipping the parsing of frames of type UVC_VS_UNDEFINED in uvc_parse_format, which could result in out-of-bounds writes due to the frames not being taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
Apart from the zero-day flaw, Google also released two security patch sets for February 2025: the 2025-02-01 and 2025-02-05 security patch levels. Additionally, Google addressed another critical vulnerability, CVE-2024-45569, in Qualcomm’s WLAN component, which scored 9.8 on the Common Vulnerability Scoring System (CVSS).
This flaw involves a memory corruption issue while parsing the ML IE due to invalid frame content, highlighting the importance of timely security updates and patches to mitigate the risk of exploitation. Notably, in November 2024, Google had also dealt with two Android zero-days, CVE-2024-43047 and CVE-2024-43093, which were actively exploited in the wild.
By staying proactive with security updates and addressing vulnerabilities promptly, Google aims to enhance the overall security posture of Android devices and protect users from potential cyber threats. As cybercriminals continue to evolve their tactics and target mobile platforms, it is essential for users to prioritize security measures and keep their devices updated with the latest patches.
For more cybersecurity news and updates, follow SecurityAffairs on Twitter (@securityaffairs), Facebook, and Mastodon. Stay informed about the latest developments in hacking, Google, and cybersecurity by following Pierluigi Paganini on LinkedIn.
Source: SecurityAffairs – Hacking, Google – URL: https://securityaffairs.com/173812/hacking/google-android-kernel-zero-day-flaw.html
Category & Tags: Breaking News, Hacking, Security, Android, Cybercrime, hacking news, information security news, IT Information Security, Pierluigi Paganini, Security Affairs, Security News, zero-Day – Breaking News, Hacking, Security, Android, Cybercrime, hacking news, information security news, IT Information Security, Pierluigi Paganini, Security Affairs, Security News, zero-Day