Google releases February 2025 Android update, fixing among others one critical and possibly exploited Android kernel flaw

Google has released its February 2025 Android Security Bulletin, addressing multiple security vulnerabilities affecting Android devices. The security patch levels of 2025-02-05 or later address all identified issues. The update includes 46 patches, with particular attention to several significant vulnerabilities:

Vulnerabilities summary:

• CVE-2024-45569 (CVSS score 9.8) - A critical flaw in Qualcomm's wireless LAN stack that allows privileged remote code execution through improper array length validation during network management frame processing.
• CVE-2024-53104 (CVSS score 7.8) - A kernel-level vulnerability in the USB video-class driver code that could lead to physical escalation of privilege. This vulnerability is currently under limited, targeted exploitation. The flaw involves the parsing of undefined video frames that could allow unauthorized memory writes, potentially enabling device hijacking through malicious USB hardware connections.
• CVE-2025-0088 (No CVSS score) - A high-severity kernel vulnerability involving a race condition in system page tables that could allow rogue applications to gain device control.

The security update addresses vulnerabilities across multiple components and vendors:

• Qualcomm received 10 patches, including four for camera driver issues
• MediaTek devices received five patches
• Imagination Technologies received four patches for its PowerVR-GPU engine
• Various other components including Framework, Platform, and System received updates

Google Pixel devices will receive the updates first, followed by other manufacturers. The patches will be distributed through both security updates and Google Play system updates for devices running Android 10 and later versions.

Security Measures: Google has implemented various security protections through the Android security platform and Google Play Protect, which help mitigate potential exploits.