Android Update Fixes Linux Kernel RCE Flaw

Home/Android malware, Internet Security, Malware, RCE Flaw, Security Advisory, Security Update, vulnerability/Android Update Fixes Linux Kernel RCE Flaw

Android Update Fixes Linux Kernel RCE Flaw

On February 3, 2025, Google released the February Android Security Bulletin, fixing 47 vulnerabilities. One major flaw, CVE-2024-53104, in the Linux kernel’s UVC driver, could let attackers execute remote code and gain unauthorized access.

All about the vulnerability

The vulnerability originates from improper handling of UVC_VS_UNDEFINED frames in the UVC driver’s uvc_parse_format function, leading to buffer size miscalculations and out-of-bounds memory writes.

Attackers can exploit this flaw by inserting malicious USB devices or manipulating video streams, causing buffer overflows that overwrite adjacent memory regions. This can enable local privilege escalation without requiring additional execution privileges.

While the flaw is not directly exploitable remotely, attackers can use USB device spoofing to bypass security measures, making it a serious risk to system integrity. Google has reported signs of limited, targeted exploitation, highlighting the urgency of applying security patches.

Affected Kernel Versions

The vulnerability impacts all Linux kernel versions from 2.6.26 to the latest patched releases. Users should update their devices to security patch levels 2025-02-01 or 2025-02-05 to protect against this and other vulnerabilities.

Fixed Kernel Versions

  • 4.19.324 (LTS) – 95edf13a48e7
  • 5.4.286 (LTS) – 684022f81f12
  • 5.10.230 (LTS) – faff5bbb2762
  • 5.15.172 (LTS) – 467d84dc78c9
  • 6.1.117 – beced2cb09b5
  • 6.6.61 – 575a562f7a3e
  • 6.11.8 – 622ad10aae5f
  • 6.12.1 – 1ee9d9122801
  • 6.13-rc1 – ecf2b43018da

The update also fixes vulnerabilities in Qualcomm components and third-party drivers, stressing the need for timely security updates. Given the severity of CVE-2024-53104, Android users should apply the latest patches immediately to prevent potential exploits.

The Android Security Bulletin highlights the importance of staying vigilant against threats that could lead to unauthorized access and device compromise. Users should follow their device manufacturer’s instructions to apply updates as soon as possible.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

Post Views: 38
By | 2025-02-05T08:59:04+05:30 February 4th, 2025|Android malware, Internet Security, Malware, RCE Flaw, Security Advisory, Security Update, vulnerability|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!