SecurityWeek


Vulnerability Patched in Android Possibly Exploited by Forensic Tools

The February 2025 Android patches resolve 46 vulnerabilities, including a Linux kernel bug that has been exploited in the wild.


Google on Monday announced patches for 46 vulnerabilities as part of Android’s February 2025 security update, including fixes for a Linux kernel flaw under active exploitation.

The exploited vulnerability, tracked as CVE-2024-53104 (CVSS score of 7.8), is a high-severity out-of-bounds write bug that could be exploited to elevate privileges on a vulnerable Android device.

Disclosed in November 2024, the issue resides in the Linux kernel’s uvcvideo driver, which fails to properly parse frames of a certain type. Because the function parsing the frames does not take them into consideration when calculating the size of the frame buffer, an out-of-bounds write can occur.

“This vulnerability could be exploited by malicious actors to execute arbitrary code or cause denial-of-service conditions,” Recorded Future notes in an advisory.

CVE-2024-53104 was introduced in 2008, in Linux kernel version 2.6.26, and was resolved in December 2024. Now, Google is rolling out fixes for it to Android users, warning that threat actors are exploiting it.

“There are indications that CVE-2024-53104 may be under limited, targeted exploitation,” Google notes in the February 2025 Android security bulletin.

The developers of the GrapheneOS privacy- and security-focused mobile OS believe CVE-2024-53104 is “likely one of the USB bugs exploited by forensic data extraction tools”. This theory is supported by Google noting in its advisory that the vulnerability can lead to “physical escalation of privilege with no additional execution privileges needed”.

The latest Android update also resolves CVE-2025-0088, another high-severity Linux kernel bug that could lead to elevation of privilege on Android.


Of the 46 issues addressed in Android this week, 23 were fixed with the first part of the February 2025 update, which arrives on devices as the 2025-02-01 security patch level, addressing bugs in the Framework, Platform, and System components.

The second part of the update arrives as the 2025-02-05 security patch level and resolves 23 security defects in kernel, Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components.

Devices running a security patch level of 2025-02-05 contain fixes for all the vulnerabilities described above.

On Monday, Google announced that this month’s Wear OS update fixes one vulnerability, but said that no Android Automotive OS security patches were released.

Android Automotive OS and Wear OS updated to a security patch level of 2025-02-05 also contain fixes for the vulnerabilities included in the February 2025 Android security bulletin.
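For fleet triage against the two patch levels described above, the following added example (not from Google or SecurityWeek) classifies devices by the value of the `ro.build.version.security_patch` property. The inventory format, device names and function names are constructed for illustration, and it assumes patch levels are cumulative, so any later level also counts as fully patched.

```python
import re
from datetime import date

# Patch levels named in the article for the February 2025 bulletin.
PARTIAL_LEVEL = date(2025, 2, 1)  # Framework, Platform and System fixes only
FULL_LEVEL = date(2025, 2, 5)     # adds the kernel and vendor component fixes
_LEVEL_RE = re.compile(r"(\d{4})-(\d{2})-(\d{2})")

def parse_patch_level(raw):
    """Return a date for a strict YYYY-MM-DD string, or None if malformed."""
    m = _LEVEL_RE.fullmatch(raw.strip())
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # e.g. month 13 or day 40
        return None

def classify(raw):
    """Map a reported patch level to full / partial / unpatched / unknown."""
    level = parse_patch_level(raw)
    if level is None:
        return "unknown"      # missing or malformed: needs manual follow-up
    if level >= FULL_LEVEL:   # assumption: later levels are cumulative
        return "full"
    if level >= PARTIAL_LEVEL:
        return "partial"      # second part (kernel fixes) not yet applied
    return "unpatched"

def triage(inventory_text):
    """Group device ids by status from 'device-id patch-level' lines."""
    report = {"full": [], "partial": [], "unpatched": [], "unknown": []}
    for line in inventory_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        raw = fields[1] if len(fields) > 1 else ""
        report[classify(raw)].append(fields[0])
    return report

# Constructed sample data, not real devices.
SAMPLE_INVENTORY = """\
# device-id  patch-level
phone-01  2025-02-05
phone-02  2025-02-01
phone-03  2025-01-05
tablet-04 2025-03-01
watch-05  2025-13-40
kiosk-06
"""

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9} {', '.join(devices) or '-'}")
```

Devices reported as `partial` or `unpatched` still lack the kernel fixes delivered with the 2025-02-05 level.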


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
