Google Rolls Out February 2025 Security Patch for Android With 47 Fixes
Photo Credit: Android
Google also recently rolled out the February 2025 update for Pixel devices
Google on Monday released the February 2025 security patch for Android devices. The update brings crucial security fixes for discovered vulnerabilities, ranging from high to critical severity, including one CVE which is said to have been “actively exploited”. Several flaws target devices powered by Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc components, while other vulnerabilities affect general system components such as framework and kernel.
February 2025 Security Patch for Android
According to Google's Android Security Bulletin for February 2025, a total of 47 discovered vulnerabilities have been patched with the latest update. Following the rollout, the Mountain View-based technology giant has also released the source code patches for these issues to the Android Open Source Project (AOSP) repository. Google notes that one of the vulnerabilities, with the identifier CVE-2024-53104, is related to the USB Video Class (UVC) driver subcomponent and may be “under limited, targeted exploitation”.
With a high severity and a CVSS score of 7.8, it could lead to “physical escalation of privilege with no additional execution privileges needed”, as per the bulletin. While Google has not shared any other details, the National Vulnerability Database, which is the US government's repository of standards-based vulnerability management data, describes it as a video subsystem flaw in the Linux kernel.
- Developer Finds Custom Kernel Fix for Pixel Stuttering Issues
It occurred when the uvc_parse_format function tried handling UVC_VS_UNDEFINED frame but skipped or ignored the undefined frames, parsing them instead. The uvc_parse_streaming function, which calculates the buffer size, created this vulnerability as it tried to calculate the buffer size for the expected frames but did not account for the undefined ones. Thus, its attempt to write data steered past the allocated buffer size, creating an out-of-bounds write.
- Google Rolls Out February 2025 Update for Pixel Phones With Bug Fixes
- Google Reveals Timeline for Commercial Quantum Computing Applications
Out of the 47 vulnerabilities patched with the February 2025 update, only one has been labelled a “critical” severity, CVE-2024-45569. It has a CVSS rating of 9.8. The flaw affects WLAN subcomponent in Qualcomm devices. It also addresses issues related to framework, kernel, platform, and system.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Related Stories
-
Google Reportedly Internally Testing an AI Mode Feature for Search6 February 2025
-
Google Pixel’s Random Stuttering Woes May End Soon as Developer Finds Custom Kernel Fix6 February 2025
-
Google Says Commercial Quantum Computing Applications Arriving Within Five Years6 February 2025
-
Google Expands Gemini 2.0 Rollout With Flash Thinking, Agentic and Pro Models6 February 2025
-
Google Pixel Phones Receiving February 2025 Update With Bug Fixes and Security Patches6 February 2025
