Vulnerability Patched in Android Possibly Exploited by Forensic Tools
securityweek
Google on Monday announced patches for 46 vulnerabilities as part of Android’s February 2025 security update, including fixes for a Linux kernel flaw under active exploitation.
The exploited vulnerability, tracked as CVE-2024-53104 (CVSS score of 7.8), is a high-severity out-of-bounds write bug that could be exploited to elevate privileges on a vulnerable Android device.
Disclosed in November 2024, the issue resides in the Linux kernel’s uvcvideo driver, which fails to properly parse frames of a certain type. Because the function parsing the frames does not take them into consideration when calculating the size of the frame buffer, an out-of-bounds write can occur.
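A simplified model of the mismatch described above, added here as an illustration and not taken from the kernel source or from the article. The subtype constants, struct layouts and function names are hypothetical, and the bounds check stands in for the point where an unchecked parser would write past the buffer.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical descriptor subtypes for this model (not the kernel's constants). */
enum { SUB_UNDEFINED = 0, SUB_FRAME_A = 5, SUB_FRAME_B = 7 };

struct desc  { uint8_t subtype; uint16_t width, height; };
struct frame { uint16_t width, height; };

/* Pass 1: the sizing pass counts only the subtypes it recognises as frames. */
static size_t count_frames(const struct desc *d, size_t n)
{
    size_t frames = 0;
    for (size_t i = 0; i < n; i++)
        if (d[i].subtype == SUB_FRAME_A || d[i].subtype == SUB_FRAME_B)
            frames++;
    return frames;
}

/*
 * Pass 2: fills the buffer that was sized from pass 1.
 * skip_undefined = 0 models the mismatch: the undefined subtype was never
 * counted, yet it is still stored as a frame.
 * skip_undefined = 1 applies the same filter as the sizing pass.
 * Returns frames written, or -1 where an unchecked parser would overflow `out`.
 */
static long fill_frames(const struct desc *d, size_t n,
                        struct frame *out, size_t cap, int skip_undefined)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        if (skip_undefined && d[i].subtype == SUB_UNDEFINED)
            continue;
        if (used == cap)
            return -1;              /* out-of-bounds write would happen here */
        out[used].width  = d[i].width;
        out[used].height = d[i].height;
        used++;
    }
    return (long)used;
}

/* Constructed sample: two frame descriptors plus one of the uncounted subtype. */
static const struct desc sample[] = {
    { SUB_FRAME_A, 640, 480 }, { SUB_UNDEFINED, 1, 1 }, { SUB_FRAME_B, 1280, 720 },
};

static long run_model(int skip_undefined)
{
    struct frame buf[2];            /* capacity matches the sizing pass result */
    return fill_frames(sample, 3, buf, count_frames(sample, 3), skip_undefined);
}

int main(void) { return run_model(1) == 2 ? 0 : 1; }
```

The general rule for two-pass parsers is that the sizing pass and the fill pass must accept exactly the same set of records, and the fill pass should still check capacity before every write.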
“This vulnerability could be exploited by malicious actors to execute arbitrary code or cause denial-of-service conditions,” Recorded Future notes in an advisory.
CVE-2024-53104 was introduced in 2008, in Linux kernel version 2.6.26, and was resolved in December 2024. Now, Google is rolling out ...
Copyright of this story solely belongs to securityweek.