NIX Solutions: Android February Update Fixes Key Bugs

Google has released the February Android update, addressing a critical OS kernel vulnerability that may have been exploited by attackers. Additionally, several vulnerabilities related to components from Google’s partner manufacturers were resolved.

One of the key fixes is for CVE-2024-53104, a vulnerability in the USB video device driver within the Linux kernel. While little is known about this bug, it has been corrected to prevent the kernel from writing unintended data to memory when analyzing undefined video frames. If exploited, this flaw could lead to device crashes or complete system compromise.

NIXSolutions

Originally, the driver was designed to process signals from USB cameras and other video sources, making exploitation possible by connecting malicious hardware that sends corrupted data. According to Google, the flaw enabled “physical privilege escalation without requiring additional execution privileges.” In other words, an attacker could gain control of an Android device simply by attaching a specially crafted device. Google acknowledged that CVE-2024-53104 had likely been subject to “limited, targeted exploitation.”

Additional Fixes and Impact on Android Devices

A total of 46 vulnerabilities were patched in the February update. One of the most severe, CVE-2024-45569, received a 9.8 out of 10 rating and involved Qualcomm’s local wireless communication modules. It could allow remote code execution or trigger a device crash. Another critical issue, CVE-2025-0088, was a kernel vulnerability that allowed system page table substitution, potentially granting attackers full control over affected devices, adds NIX Solutions.

The update also addressed 10 vulnerabilities in Qualcomm components, 5 in MediaTek components, and 4 in Imagination Technologies’ PowerVR graphics subsystem. Google Pixel device owners will receive the update first, followed by other supported Android devices. Samsung, Google’s largest partner, is still finalizing the rollout of its January update, yet we’ll keep you updated as more integrations become available.