Analysis Summary

Google has released security patches addressing 47 vulnerabilities in Android, including an actively exploited flaw, CVE-2024-53104. This high-severity vulnerability (CVSS score: 7.8) affects the USB Video Class (UVC) driver in the Linux kernel and can lead to privilege escalation. The flaw has been under "limited, targeted exploitation," suggesting real-world attacks. It stems from an out-of-bounds write condition in the uvc_parse_format() function, introduced in Linux kernel version 2.6.26, released in mid-2008.

Exploitation of CVE-2024-53104 could result in memory corruption, program crashes, or even arbitrary code execution. Since the issue exists at the kernel level, attackers could use it to gain elevated privileges by manipulating UVC_VS_UNDEFINED frame types. Given its long-standing presence in the Linux kernel, the flaw poses a significant risk to a wide range of Android devices, particularly those with vulnerable kernel versions. Google has not disclosed full technical details but has acknowledged its active exploitation.

Another critical vulnerability patched in this update is CVE-2024-45569, which affects Qualcomm's WLAN component and has a CVSS score of 9.8. This flaw could lead to memory corruption, making it a serious security risk. Since many Android devices rely on Qualcomm chips, this vulnerability has broad implications. Attackers could potentially exploit it to compromise wireless communication, execute malicious code, or cause system instability.

To ensure comprehensive security updates, Google has introduced two patch levels: 2025-02-01 and 2025-02-05. This approach allows Android partners to address shared vulnerabilities quickly while working on full patch integration. Google has encouraged device manufacturers to adopt the latest security patches to protect users from these critical threats. Users are advised to update their devices promptly to mitigate potential exploitation risks.

Impact

• Privilege Escalation
• Code Execution

Indicators of Compromise

CVE

• CVE-2024-53104

Affected Vendors

Remediation

• Ensure your Android device is updated to the latest security patch level (2025-02-01 or 2025-02-05) as released by Google.
• Device manufacturers may roll out patches at different times—regularly check for updates from your phone's settings.
• Avoid connecting untrusted USB devices, as the vulnerability affects the USB Video Class (UVC) driver.
• Keep Google Play Protect enabled to detect and block malicious activities on your device.
• Install reputable mobile security apps to monitor for potential threats.
• Be cautious of apps requesting unnecessary permissions, especially those requiring access to system components.
• Users who modify or root their devices should be aware that outdated kernels may still be vulnerable.
• Since CVE-2024-45569 affects Qualcomm WLAN, avoid connecting to unknown or untrusted Wi-Fi networks.
• Keep track of security bulletins from Google and Linux kernel developers for updates on emerging threats.