Google has Starting patches To solve 47 security deficiencies in his Android operating system, including one he said, was actively exploited in the wild.
Vulnerability in question Cve-2024-53104 (CVSS assessment: 7.8), which was described as a case of escalation privileges in a core component known as a USB -video class (UVC) the driver.
Google noted that successful exploitation of the shortage could lead to physical escalation of privileges, noting that it may be “limited, focused exploitation”.
Although no other technical details were offered, the Linux kernel developer Greg Croo-Hartman in early December 2024 found that vulnerability was rooted into the linux kernel and that it was introduced into Version 2.6.26which liberated In mid 2008.
In particular, this is due to The connected conditions of the record This may result from the UVC_VS_UNDINED frame analysis in feature called “UVC_Parse_format ()” In “Uvc_driver.c“The program.
It also means that the deficiency may be weapon To lead to corruption, the program of the program, or arbitrary code.
Also fixed within the monthly Google security updates is the most important drawback in the WLAN Qualcomm component (Cve-2024-4569CVSS assessment: 9.8), which can also lead to corruption.
It is worth noting that Google has released two levels of security patch, 2025-01 and 2025-05 to give flexibility for Android Partners to solve a part of vulnerabilities that are more similar to all Android devices.
“Android Partners is recommended to fix all the problems in this newsletter and use the latest security level,” Google said.
