Full Report
Google’s latest Android update fixes 62 flaws, including two zero-days previously used in limited targeted attacks
Analysis Summary
# Vulnerability: Android Zero-Days in Linux Kernel Related to USB Sub-component
## CVE Details
- CVE ID: CVE-2024-53150, CVE-2024-53197 (Two actively exploited zero-days mentioned by name)
- CVSS Score: 7.8 (High) for both
- CWE: Not explicitly stated, but implied memory corruption/improper boundary checks based on description.
## Affected Systems
- Products: Android OS (specifically the Linux Kernel component).
- Versions: Not explicitly listed, but patched via the April Android Security Update.
- Configurations: Applicable to devices running vulnerable kernel versions.
## Vulnerability Description
Two high-severity vulnerabilities in the USB sub-component of Android's Linux kernel were actively exploited in the wild against targeted users.
* **CVE-2024-53150:** An out-of-bounds read vulnerability that could lead to the exposure of sensitive information.
* **CVE-2024-53197:** A privilege escalation bug that could allow an attacker to execute code with higher privileges, potentially leading to memory corruption.
Both flaws were initially fixed in the general Linux kernel in December 2024.
## Exploitation
- Status: Exploited in the wild ("limited, targeted" attacks confirmed by Google).
- Complexity: Likely Low to Medium, given the immediate need for patching and the component involved (kernel/USB).
- Attack Vector: Likely Network or Local. Kernel flaws often require initial access or high system privileges to fully exploit, though the nature of the USB component suggests interaction might be possible. **Note:** CVE-2024-53150 specifically allows leakage *without user interaction*.
## Impact
- Confidentiality: High (Information exposure possible via CVE-2024-53150).
- Integrity: High (Privilege escalation possible via CVE-2024-53197).
- Availability: Potential impact via memory corruption associated with CVE-2024-53197.
## Remediation
### Patches
- April 2025 Android Security Update (specific build numbers not listed in the summary).
### Workarounds
- No specific workarounds detailed in the provided text. Immediate patching is the primary mitigation.
## Detection
- Detection mechanisms are not detailed, but the underlying flaws reside in the Linux kernel's USB stack.
- **Indicator:** Exploitation of these flaws has been linked to exploit chains used by the digital forensics firm Cellebrite (in combination with other CVEs like CVE-2024-53104 and CVE-2024-50302).
## References
- Vendor Advisories: Google April Android Security Update.
- Relevant links:
  - infosecurity-magazine dot com/news/android-update-address-two-zero/ (Main Article)