On February 3, 2025, Google published its February Android Security Bulletin, which addresses a total of 47 vulnerabilities affecting Android devices.
Among these, a critical flaw in the Linux kernel’s USB Video Class (UVC) driver, tracked as CVE-2024-53104, has been identified as a significant security risk.
This vulnerability allows attackers to execute remote code (RCE), potentially granting unauthorized read/write access to affected systems.
Technical Overview of the Vulnerability
The vulnerability in question arises from improper parsing of frames marked as UVC_VS_UNDEFINED within the uvc_parse_format function of the UVC driver.
This mismanagement leads to miscalculation of buffer sizes, resulting in out-of-bounds memory writes.
Attackers can exploit this flaw by inserting malicious USB devices or manipulating video streams, triggering buffer overflows that overwrite adjacent memory regions.
The implications of CVE-2024-53104 are severe, as it could lead to local privilege escalation without requiring additional execution privileges.
Although the vulnerability is not directly exploitable remotely, it could be leveraged through USB device spoofing, making it a considerable threat to system integrity and stability.
Google has indicated that there are signs of limited, targeted exploitation of this flaw.
Affected Kernel Versions
The vulnerability affects all Linux kernel versions from 2.6.26 up to the latest patched versions.
To mitigate this risk, users are urged to update their devices to security patch levels 2025-02-01 or 2025-02-05, which include fixes for this and other vulnerabilities across various components of the Android ecosystem.
| Fixed Kernel Version | Commit Hash | Release Channel |
|---|---|---|
| 4.19.324 (LTS) | 95edf13a48e7 |
Long-Term Support |
| 5.4.286 (LTS) | 684022f81f12 |
Long-Term Support |
| 5.10.230 (LTS) | faff5bbb2762 |
Long-Term Support |
| 5.15.172 (LTS) | 467d84dc78c9 |
Long-Term Support |
| 6.1.117 | beced2cb09b5 |
Stable |
| 6.6.61 | 575a562f7a3e |
Stable |
| 6.11.8 | 622ad10aae5f |
Stable |
| 6.12.1 | 1ee9d9122801 |
Stable |
| 6.13-rc1 | ecf2b43018da |
Development |
In addition to CVE-2024-53104, the bulletin also addresses vulnerabilities in Qualcomm components and other third-party drivers, emphasizing the importance of timely updates to protect against potential exploits.
Given the critical nature of CVE-2024-53104 and its potential for exploitation, it is imperative for Android users to apply the latest security updates without delay.
The Android Security Bulletin serves as a reminder of the ongoing need for vigilance in cybersecurity practices, particularly concerning vulnerabilities that may lead to unauthorized access and control over devices.
Users should consult their device documentation for instructions on applying these essential updates promptly.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free