{"id":9304,"date":"2025-02-04T01:51:00","date_gmt":"2025-02-04T04:51:00","guid":{"rendered":"https:\/\/www.blog.lineasdns.com\/google-patches-47-android-security-flaws-including-actively-exploited-cve-2024-53104\/"},"modified":"2025-02-04T01:51:00","modified_gmt":"2025-02-04T04:51:00","slug":"google-patches-47-android-security-flaws-including-actively-exploited-cve-2024-53104","status":"publish","type":"post","link":"https:\/\/www.blog.lineasdns.com\/en\/google-patches-47-android-security-flaws-including-actively-exploited-cve-2024-53104\/","title":{"rendered":"Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104"},"content":{"rendered":"


\n<\/p>\n

\n
<\/a><\/div>\n

Google has shipped patches<\/a> to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.<\/p>\n

The vulnerability in question is CVE-2024-53104<\/a> (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC<\/a>) driver.<\/p>\n

Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, noting that it’s aware that it may be under “limited, targeted exploitation.”<\/p>\n

While no other technical details have been offered, Linux kernel developer Greg Kroah-Hartman revealed<\/a> in early December 2024 that the vulnerability is rooted in the Linux kernel and that it was introduced in version 2.6.26<\/a>, which was released<\/a> in mid-2008.<\/p>\n

\"Cybersecurity\"<\/a><\/center><\/div>\n

Specifically, it has to do with an out-of-bounds write condition<\/a> that could arise as a result of parsing frames of type UVC_VS_UNDEFINED in a function named “uvc_parse_format()” in the “uvc_driver.c<\/a>” program.<\/p>\n

This also means that the flaw could be weaponized<\/a> to result in memory corruption, program crash, or arbitrary code execution.<\/p>\n

It’s not currently not clear who is behind the exploitation of the vulnerability, although the fact that it could facilitate “physical” privilege escalation suggests possible misuse by forensic data extraction tools, per GrapheneOS<\/a>.<\/p>\n

Also patched as part of Google’s monthly security updates is a critical flaw in Qualcomm’s WLAN component (CVE-2024-45569<\/a>, CVSS score: 9.8) that could also lead to memory corruption.<\/p>\n

It’s worth noting that Google has released two security patch levels, 2025-02-01 and 2025-02-05, so as to give flexibility to Android partners to address a portion of vulnerabilities that are similar across all Android devices more quickly.<\/p>\n

“Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level,” Google said.<\/p>\n

Update<\/h3>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added<\/a> CVE-2024-53104 to its Known Exploited Vulnerabilities (KEV<\/a>) catalog, requiring federal agencies to patch the Linux kernel bug by February 26, 2025.<\/p>\n

<\/p>\n

Found this article interesting? Follow us on Twitter \uf099<\/i><\/a> and LinkedIn<\/a> to read more exclusive content we post.<\/div>\n<\/div>\n