Vulnerability Patched in Android Possibly Exploited by Forensic Tools


Google on Monday announced patches for 46 vulnerabilities as part of Android’s February 2025 security update, including fixes for a Linux kernel flaw under active exploitation.

The exploited vulnerability, tracked as CVE-2024-53104 (CVSS score of 7.8), is a high-severity out-of-bounds write bug that could be exploited to elevate privileges on a vulnerable Android device.

Disclosed in November 2024, the issue resides in the Linux kernel’s uvcvideo driver, which fails to properly parse frames of a certain type. Because the function that parses the frames does not account for frames of that type when calculating the size of the frame buffer, an out-of-bounds write can occur.
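
A simplified model of the sizing mismatch described above, added here as an illustration: it is not the uvcvideo driver's code, and the subtype values, struct and function names are constructed. One pass sizes the buffer, a second pass fills it, and writes that would land past the allocation are tallied rather than performed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed subtype values for this model; not the driver's constants. */
enum { ST_FRAME_X = 5, ST_FRAME_Y = 7, ST_UNCOUNTED = 0 };
struct frame { uint8_t subtype; uint8_t index; };
static int counted(uint8_t st) { return st == ST_FRAME_X || st == ST_FRAME_Y; }

/* Pass 1: derive the frame buffer size from the descriptor list. */
static size_t count_frames(const uint8_t *desc, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += counted(desc[i]);
    return c;
}

/* Pass 2: fill the buffer. With hardened == 0 every descriptor is stored,
 * including subtypes pass 1 never counted. Writes that would land past the
 * allocation are tallied, not performed. Returns the tally, -1 if allocation fails. */
int simulate_parse(const uint8_t *desc, size_t n, int hardened)
{
    size_t cap = count_frames(desc, n), used = 0;
    int oob = 0;
    struct frame *buf = calloc(cap ? cap : 1, sizeof(*buf));
    if (!buf) return -1;
    for (size_t i = 0; i < n; i++) {
        if (hardened && !counted(desc[i]))
            continue;                 /* same filter as pass 1 */
        if (used >= cap) {            /* buf[used] would be out of bounds */
            oob++;
            continue;
        }
        buf[used].subtype = desc[i];
        buf[used].index = (uint8_t)used;
        used++;
    }
    free(buf);
    return oob;
}

/* Constructed sample: two counted frames, two of the uncounted subtype. */
const uint8_t SAMPLE[] = { ST_FRAME_X, ST_UNCOUNTED, ST_FRAME_Y, ST_UNCOUNTED };
int main(void)
{
    printf("mismatched: %d\n", simulate_parse(SAMPLE, sizeof SAMPLE, 0));
    printf("hardened:   %d\n", simulate_parse(SAMPLE, sizeof SAMPLE, 1));
    return 0;
}
```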

“This vulnerability could be exploited by malicious actors to execute arbitrary code or cause denial-of-service conditions,” Recorded Future notes in an advisory.

CVE-2024-53104 was introduced in 2008, in Linux kernel version 2.6.26, and was resolved in December 2024. Now, Google is rolling out ...


Copyright of this story solely belongs to SecurityWeek.