Google on Monday related the February 2025 Security Patch for Android devices. The update brings Crucial Security Fixes for discovered vulnerabilites, ranging from high to critical Severity, Including One cve which is said to have ben “activated”. Several Flaws Target Devices Powered by Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisococ Components, While Other Vulnerabilities Affect General System Components SUCH CHERASTEM CORASTEM CORASTEM CORASTEM CORASTEM CHENERENTIE
February 2025 Security Patch for Android
According To Google's Android Security Bulletin for February 2025, a total of 47 discovered vulnerabilityes have been patched with the latest update. Following the rollout, the mountain view-based technology giant has also related the source code patches for these issues to the Android Open Source Project (AOSP) Reposity. Google notes that one of the vulnerabilityes, with the identifier cve-2024-53104, is related to the USB video class (UVC) Driver Subcomponent and May Be “Under Limited, Targeted Exclusion”.
With a high severity and a cvss score of 7.8, it could lead to “Physical Escalation of Privilege with No Additional Execution Privileges Needed”, as per the Bulletin. Who google has not shared any other details, the national vulnerability database, which is the US government's repository of standard-based vulnerability management data, describes It as a video subsystem flw in the linux kernel.
It Occurred when the UVC_Parse_format Function tried handling UVC_vs_undefined Frame but skipped or ignored the undeed frames, parsing them instead. The UVC_Parase_streaming Function, which calculates the buffer size, created this vulnerability as it tried to calculate the buffer size for the expected frames but did not account for the undefined owes. Thus, Its Attempt to Write Data Stered Past the Allocated Buffer Size, Creaking an out-of-bounds write.
OUT of the 47 Vulnerabilites Patched with the February 2025 update, only one has been labelled a “Critical” Severity, Cve-2024-45569. It has a cvss rating of 9.8. The flaw affects wlan subcomponent in qualcomm devices. It also addresses issues related to framework, kernel, platform, and system.