Google has shipped patches to deal with 47 security defects in the Android operating system.
The vulnerability in question is CVE-2024-53104 (CVSS Score: 7.8), which is described as a privileged escalation case of a kernel component known as a USB video class (UVC) driver.
According to Google, the success of the exploitation of the defective could lead to a physical escalation of privileges, and recognizes that it may be based on “exploitation with limited targets”. He said.
Other technical details are not provided, but the Linux kernel developer, GREG KROAH-HARTMAN, is rooted in the Linux kernel in early December 2024 and released in mid-2008. It was revealed that it was introduced in 26.
具体的には、「uvc_driver.c」プログラムの「uvc_parse_format()」という名前の「uvc_parse_format()」という関数で、型uvc_vs_undefizedのフレームの解析の結果として生じる可能性のある境界外の書き込み条件に関係I am doing it.
This also means that defects can be weapons to bring memory rot, program crash, or any code execution.
Also, the application of a patch as part of Google’s monthly security update is a serious flaw of Qualcomm’s WLAN component (CVE-2024-45569, CVSS Score: 9.8).
Google releases two security patch levels, 2025-02-01 and 2025-02-05, gives Android partners flexibility, and some of the vulnerabilities that are more similar to all Android devices It is worth noting to deal with.
“Android partners are recommended to fix all issues in this bulletin and use the latest security patch level,” Google says.
Source link
