Full Report
The monthly update closes 47 security vulnerabilities in total. The post Android security update includes patch for actively exploited vulnerability appeared first on CyberScoop.
Analysis Summary
# Vulnerability: Actively Exploited UVC Driver Flaw in Android Kernel (February 2025 Update)
## CVE Details
- CVE ID: CVE-2024-53104
- CVSS Score: 7.8 (High)
- CWE: Out-of-bounds Write (Implied by technical details)
## Affected Systems
- Products: Android Operating System (via Linux Kernel components)
- Versions: Versions affected by Linux kernel version 2.6.26 or later (disclosed November 2024). Specific vulnerable Android versions are not listed, but addressed in the February 2025 security update.
- Configurations: Systems utilizing the affected USB Video Class (UVC) driver.
## Vulnerability Description
CVE-2024-53104 is a high-severity vulnerability residing in the USB Video Class (UVC) driver within the Linux kernel. The flaw stems from insufficient handling during video frame parsing, leading to an **out-of-bounds write** condition within the `uvc_parse_format()` function. Successful exploitation allows an adversary to escalate privileges or cause device instability (denial of service/crash).
Additionally, **CVE-2024-45569** (Qualcomm WLAN components, CVSS 9.8) is a critical memory corruption issue related to improper array index validation during network management frame processing, potentially leading to Remote Code Execution (RCE).
## Exploitation
- Status: **Limited, targeted exploitation in the wild reported.**
- Complexity: Medium (Likely requires physical access or controlled USB device insertion for the UVC flaw).
- Attack Vector: Physical (Implied for CVE-2024-53104, often associated with forensic tools or specialized physical interaction). Network (For CVE-2024-45569).
## Impact
- Confidentiality: Potential (via privilege escalation/data extraction).
- Integrity: High (Privilege escalation leading to arbitrary code execution).
- Availability: High (Device crashes possible).
## Remediation
### Patches
Android security updates for February 2025 provide fixes via two available patch levels:
- **2025-02-01**
- **2025-02-05** (Includes additional kernel and third-party component remedies).
Users on Google Pixel devices should receive these patches promptly.
### Workarounds
No specific workarounds are detailed in the summary. Mitigation relies on applying the vendor-supplied patches. For CVE-2024-53104, limiting physical access to devices and restricting the use of untrusted USB peripherals might reduce the attack surface until patching occurs.
## Detection
- Indicators of Compromise: Not explicitly detailed, but indicators would likely involve kernel panics or unusual activity associated with driver execution paths related to USB video processing.
- Detection methods and tools: Standard security monitoring tools capable of examining kernel activity and inspecting system logs pertaining to UVC driver interactions could potentially reveal exploitation attempts.
## References
- Vendor Advisory (Android Security Bulletin February 2025): hXXps://source.android.com/docs/security/bulletin/2025-02-01
- CVE-2024-53104 Details: hXXps://nvd.nist.gov/vuln/detail/CVE-2024-53104