One protection flaw in Google’s Android operating system, which it claimed has been exploited actively in the wild, was fixed with patches from Google.
The vulnerability in question is ( CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class ( ) driver.
Effective abuse of the flaw could lead to actual increase of pleasure, Google said, noting that it’s aware that it may be under “limited, intended abuse”.
Although no further technological details have been provided, Linux kernel designer Greg Kroah-Hartman revealed in earlier December 2024 that the risk was introduced in edition 2.2.6.26, which was made available in the middle of 2008.
Specifically, it has to do with an that could arise as a result of parsing frames of type UVC_VS_UNDEFINED in a function named “uvc_parse_format ( )” in the “uvc_driver. c” software.
This also means that the weakness may be to result in memory fraud, system crash, or arbitrary script execution.
Also patched as part of Google’s monthly security updates is a critical flaw in Qualcomm’s WLAN component ( , CVSS score: 9.8 ) that could also lead to memory corruption.
In order to provide Android partners more freedom, Google released two security piece levels, 2025-02-01 and 2025-02-05, making it worthwhile to note that these two levels are comparable across all Android devices more quickly.
Google urged Android partners to resolve all problems in this report and use the most recent security patch level, according to Google.