Google Android February Update Patches Actively Exploited Kernel Vulnerability
Google's February Android security update patches an actively exploited Linux kernel USB-video class vulnerability that enabled privilege escalation on Android devices.
What happened: Google released the February 2025 Android security bulletin addressing multiple vulnerabilities, including CVE-2024-53104, a Linux kernel vulnerability in the USB Video Class (UVC) driver that was being actively exploited in the wild. This is the first actively exploited Android zero-day patched in 2025, and Google indicated it may have been used in limited, targeted attacks.
Technical details: CVE-2024-53104 is an out-of-bounds write vulnerability in the UVC driver's handling of frames of type UVC_VS_UNDEFINED in the uvc_parse_format function. By sending specially crafted USB video data, an attacker with physical access, or one acting through a compromised USB peripheral, can trigger a heap buffer overflow, leading to privilege escalation. The February update also patches a critical vulnerability in the Qualcomm WLAN component (CVE-2024-45569), rated CVSS 9.8.
Who is affected: Android device users running security patch levels prior to February 1, 2025. The physical access requirement for the UVC exploit limits the attack surface, but the vulnerability may also be exploitable through connected peripherals or in scenarios involving compromised docking stations and charging infrastructure.
What defenders should do: Apply the February 2025 Android security update promptly. Organizations with managed device fleets should push updates through their MDM solutions. Consider implementing USB access controls and restricting USB device connections on sensitive devices. Enterprise environments should evaluate USB peripheral policies given the kernel-level impact of this vulnerability class.
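A fleet check for the patch-level threshold above, as an added example that is not part of the original advisory: it reads an MDM inventory export and sorts devices into patched, outdated and unknown. The CSV layout, column names and device rows are constructed for illustration; the `security_patch` column is assumed to hold the value a device reports in `ro.build.version.security_patch`.

```python
import csv
import io
from datetime import date

# Threshold taken from the advisory: patch levels before this date are affected.
# Android publishes two patch-level strings per month (-01 and -05); check the
# bulletin for which one carries the kernel fix and raise this if needed.
REQUIRED_PATCH_LEVEL = date(2025, 2, 1)

# Constructed sample of an MDM inventory export (hypothetical column names).
SAMPLE_EXPORT = """device_id,model,security_patch
dev-001,Pixel 8,2025-02-05
dev-002,Pixel 6a,2025-01-05
dev-003,Galaxy S23,2024-12-01
dev-004,Pixel 7,
dev-005,Moto G,2025-02-01
dev-006,Tablet X,unknown
"""


def parse_patch_level(value):
    """Return a date for a YYYY-MM-DD patch-level string, or None if unusable."""
    try:
        return date.fromisoformat(value.strip())
    except (ValueError, AttributeError):
        return None


def audit(export_text, required=REQUIRED_PATCH_LEVEL):
    """Classify each device as patched, outdated, or unknown."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        level = parse_patch_level(row.get("security_patch"))
        if level is None:
            # Missing or malformed data must not count as compliant.
            result["unknown"].append(row["device_id"])
        elif level < required:
            result["outdated"].append(row["device_id"])
        else:
            result["patched"].append(row["device_id"])
    return result


if __name__ == "__main__":
    for status, devices in audit(SAMPLE_EXPORT).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

Devices in the unknown bucket have not reported a usable patch level and should be followed up rather than assumed current.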
Broader implications: Kernel-level USB driver vulnerabilities represent a powerful attack vector because they execute with the highest privilege level and can bypass application-layer security controls. The exploitation of UVC driver flaws specifically highlights risks associated with the increasing connectivity of mobile devices to external peripherals and accessories.