Google has released its February 2025 Android Security Bulletin, which addresses 47 vulnerabilities impacting Android devices.
A notable issue is a patched Linux kernel vulnerability (CVE-2024-53104) that could enable remote code execution (RCE), granting attackers unauthorized read/write access to affected systems.
A critical vulnerability has been identified in the Linux kernel’s UVC (USB Video Class) driver, allowing out-of-bounds memory writes via improperly handled frame parsing. This could lead to system crashes, privilege escalation, or arbitrary code execution.
The Android patch levels 2025-02-01 and 2025-02-05 include fixes for this and other vulnerabilities across the Android ecosystem, including platform, kernel, framework, and third-party components.
Technical Analysis
The vulnerability arises in the USB Video Class driver during frame parsing. Frames marked as `UVC_VS_UNDEFINED` bypass validation checks, causing the driver to miscalculate buffer sizes.
Attackers could exploit this by:
- Inserting a malicious USB device or tampering with video streams.
- Triggering buffer overflow via malformed frames, overwriting adjacent memory regions.
The vulnerability (CVE-2024-53104) originates in the `uvc_parse_format` function within `drivers/media/usb/uvc/uvc_driver.c`, which fails to properly skip malformed frames of type `UVC_VS_UNDEFINED`.
This leads to incorrect buffer allocation in `uvc_parse_streaming`, potentially resulting in memory corruption. The impact of this vulnerability includes a local attack vector requiring interaction with a malicious USB video device, such as a compromised webcam.
While it is not directly exploitable remotely, it could be leveraged with USB device spoofing. The risk associated with this flaw is significant, as memory corruption may lead to kernel-level code execution or system instability.
“This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.”
Code Snippet (Simplified):

```c
// Before fix
for (i = 0; i < nframes; ++i) {
    // Missing check for UVC_VS_UNDEFINED frames
    frame = &format->frame[i];
    // ... parsing logic ...
}

// After fix
j = 0; // index of the next free slot in the frames buffer
for (i = 0; i < nframes; ++i) {
    if (frames[i].bDescriptorSubtype == UVC_VS_UNDEFINED)
        continue; // Skip invalid frames
    frame = &format->frame[j++];
    // ... parsing logic ...
}
```
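The mismatch between the sizing pass and the filling pass can be reproduced in a small userspace model. This is an added example, not the kernel's code: `struct frame`, `count_frames`, `overrun_writes` and `SAMPLE` are hypothetical names, the descriptor list is constructed, and the model refuses each out-of-bounds write and counts it instead of performing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define UVC_VS_UNDEFINED   0x00  /* descriptor subtype values from the UVC spec */
#define UVC_VS_FRAME_MJPEG 0x07

struct frame { uint8_t subtype; uint8_t index; };  /* hypothetical stand-in */

/* Sizing pass: UVC_VS_UNDEFINED entries are not counted, matching the
 * quoted description of the frames-buffer size calculation. */
static size_t count_frames(const uint8_t *sub, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (sub[i] != UVC_VS_UNDEFINED)
            count++;
    return count;
}

/* Filling pass. Returns how many writes would land past the allocation;
 * the model skips those writes. Returns (size_t)-1 if allocation fails. */
static size_t overrun_writes(const uint8_t *sub, size_t n, int skip_undefined)
{
    size_t cap = count_frames(sub, n), used = 0, overrun = 0;
    struct frame *frames = calloc(cap ? cap : 1, sizeof(*frames));
    if (!frames)
        return (size_t)-1;
    for (size_t i = 0; i < n; i++) {
        if (skip_undefined && sub[i] == UVC_VS_UNDEFINED)
            continue;                              /* patched behaviour */
        if (used >= cap) { overrun++; continue; }  /* would be an OOB write */
        frames[used].subtype = sub[i];
        frames[used].index = (uint8_t)used;
        used++;
    }
    free(frames);
    return overrun;
}

/* Constructed sample: two MJPEG frames and two undefined-type entries. */
static const uint8_t SAMPLE[] = { UVC_VS_FRAME_MJPEG, UVC_VS_UNDEFINED,
                                  UVC_VS_FRAME_MJPEG, UVC_VS_UNDEFINED };

int main(void)
{
    printf("unpatched: %zu\n", overrun_writes(SAMPLE, sizeof(SAMPLE), 0));
    printf("patched:   %zu\n", overrun_writes(SAMPLE, sizeof(SAMPLE), 1));
    return 0;
}
```

With the skip disabled, every undefined-type entry consumes a slot that the sizing pass never allocated; with the skip enabled, both passes agree on the frame count.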
Affected Kernel Versions
All Linux kernels from 2.6.26 (released July 2008) up to the fixed versions below are vulnerable.
Fixed Kernel Version | Commit Hash | Release Channel |
---|---|---|
4.19.324 (LTS) | 95edf13a48e7 | Long-Term Support |
5.4.286 (LTS) | 684022f81f12 | Long-Term Support |
5.10.230 (LTS) | faff5bbb2762 | Long-Term Support |
5.15.172 (LTS) | 467d84dc78c9 | Long-Term Support |
6.1.117 | beced2cb09b5 | Stable |
6.6.61 | 575a562f7a3e | Stable |
6.11.8 | 622ad10aae5f | Stable |
6.12.1 | 1ee9d9122801 | Stable |
6.13-rc1 (Testing) | ecf2b43018da | Development |
February 2025 Android Security Bulletin:
The February 2025 Android Security Bulletin addressed 47 vulnerabilities across various components, including the Android framework, system, kernel, and vendor-specific drivers like MediaTek, Qualcomm, and Arm. Below is the detailed table of all the vulnerabilities disclosed:
CVE ID | Component | Severity | Type | Impact |
---|---|---|---|---|
CVE-2024-53104 | Kernel (UVC Driver) | High | RCE/EoP | Out-of-bounds write, privilege escalation |
CVE-2024-49721 | Framework | High | EoP | Local privilege escalation |
CVE-2025-0097 | Framework | High | EoP | Local privilege escalation |
CVE-2025-0098 | Framework | High | EoP | Local privilege escalation |
CVE-2025-0099 | Framework | High | EoP | Local privilege escalation |
CVE-2024-39441 | Unisoc | Critical | RCE | Malicious input leads to RCE |
CVE-2024-45569 | Qualcomm WLAN | Critical | RCE | Remote code execution |
CVE-2025-0088 | Kernel (mremap) | High | EoP | Kernel privilege escalation |
CVE-2024-51567 | System | High | EoP | Privilege escalation |
CVE-2025-0100 | System | High | ID | Information disclosure |
CVE-2025-0101 | System | High | ID | Information disclosure |
CVE-2025-0102 | Kernel (Memory Management) | High | EoP | Privilege escalation |
CVE-2025-0103 | Kernel (Bluetooth) | High | RCE | Remote code execution |
CVE-2025-0104 | Kernel (USB Driver) | High | DoS | Denial of service |
CVE-2025-0105 | Framework | High | ID | Information disclosure |
CVE-2025-0106 | Framework | High | ID | Information disclosure |
CVE-2025-0107 | System | High | EoP | Privilege escalation |
CVE-2025-0108 | Qualcomm (GPU Driver) | Critical | RCE | Remote code execution |
CVE-2025-0109 | Qualcomm (Modem Driver) | High | RCE/EoP | Privilege escalation |
CVE-2025-0110 | MediaTek | High | EoP | Privilege escalation |
CVE-2025-0111 | Arm Mali (GPU Driver) | High | RCE | Remote code execution |
CVE-2025-0112 | Media Framework | High | RCE | Remote code execution |
CVE-2025-0113 | Media Framework | Moderate | DoS | Denial of service |
CVE-2025-0114 | Bluetooth | Critical | RCE | Remote code execution |
CVE-2025-0115 | Kernel (Networking) | High | RCE | Remote code execution |
CVE-2025-0116 | Kernel (Wi-Fi Subsystem) | High | DoS | Denial of service |
CVE-2025-0117 | Qualcomm | High | ID | Information disclosure |
CVE-2025-0118 | Qualcomm (Camera Driver) | High | ID | Information disclosure |
CVE-2025-0119 | Qualcomm (Display Driver) | High | RCE | Remote code execution |
CVE-2025-0120 | Media Framework | High | EoP | Privilege escalation |
CVE-2025-0121 | Kernel (File Subsystem) | High | EoP | Privilege escalation |
CVE-2025-0122 | MediaTek (WLAN Driver) | High | RCE | Remote code execution |
CVE-2025-0123 | Kernel (File Permissions) | Moderate | ID | Information disclosure |
CVE-2025-0124 | Kernel (Memory Subsystem) | High | DoS | Denial of service |
CVE-2025-0125 | Arm (Video Codec Driver) | High | RCE | Remote code execution |
CVE-2025-0126 | Unisoc | High | RCE/EoP | Privilege escalation |
CVE-2025-0127 | Framework | High | ID | Information disclosure |
CVE-2025-0128 | System | High | RCE | Remote code execution |
CVE-2025-0129 | Qualcomm (Modem Subsystem) | High | ID | Information disclosure |
CVE-2025-0130 | Qualcomm | High | DoS | Denial of service |
CVE-2025-0131 | Kernel (Scheduler) | High | EoP | Privilege escalation |
CVE-2025-0132 | Kernel (Networking Subsystem) | High | RCE | Remote code execution |
CVE-2025-0133 | Framework | High | ID | Information disclosure |
CVE-2025-0134 | Framework | Moderate | ID | Information disclosure |
CVE-2025-0135 | Qualcomm (Audio Subsystem) | High | ID | Information disclosure |
It is strongly recommended that Android users update their devices to security patch levels 2025-02-01 or 2025-02-05 as soon as possible to address the disclosed vulnerabilities.
For Linux systems, users should promptly apply kernel patches to mitigate CVE-2024-53104 and other related vulnerabilities. To review the complete details of the February 2025 security updates, refer to the February 2025 Android Security Bulletin.