Full Report
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild. The two high-severity vulnerabilities are listed below:
- CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure
- CVE-2024-53197 (CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of Kernel
Analysis Summary
# Vulnerability: Actively Exploited Kernel Flaws in Android Leading to Potential Privilege Escalation
## CVE Details
- CVE ID: CVE-2024-53150, CVE-2024-53197 (Note: The article mentions two actively exploited flaws; these are listed. Other related, previously patched flaws are CVE-2024-53104 and CVE-2024-50302).
- CVSS Score: 7.8 (High) for both CVE-2024-53150 and CVE-2024-53197 (Implied based on description as "high-severity").
- CWE: Not specified in detail (One is Out-of-bounds, the other is Privilege Escalation).
## Affected Systems
- Products: Android devices (Specific OEM versions depend on patch release schedule).
- Versions: Unspecified, but addressed in the April 2025 Android security bulletin.
- Configurations: Vulnerabilities reside in the **USB sub-component of the Kernel.**
## Vulnerability Description
**CVE-2024-53150:** An out-of-bounds flaw within the USB sub-component of the Kernel, which could lead to information disclosure.
**CVE-2024-53197:** A privilege escalation flaw within the Kernel's USB sub-component. This flaw, rooted in the Linux kernel, was previously patched, but its inclusion in the actively exploited chain indicates exposure unless the specific Android patches are applied.
**System component:** A critical severity (though not explicitly scored here) vulnerability in the System component leading to remote escalation of privilege with no user interaction required was also noted.
## Exploitation
- Status: **Exploited in the wild** (Limited, targeted exploitation acknowledged by Google).
- Complexity: Low (One vulnerability noted to require no user interaction for exploitation).
- Attack Vector: Implied Remote/Network based on the "remote escalation of privilege" description, though the kernel flaws are in the USB component.
## Impact
- Confidentiality: Significant (Implied by Information Disclosure risk).
- Integrity: Significant (Implied by Privilege Escalation risk).
- Availability: Potential
## Remediation
### Patches
- Google has shipped patches in the **April 2025 Android security update bulletin** for both vulnerabilities, addressing the exploit chain. (Specific OS build numbers are not provided in the summary text).
### Workarounds
- Users are advised to apply the security updates as soon as Original Equipment Manufacturers (OEMs) release them. No specific temporary workarounds were provided in this summary.
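A fleet check for the remediation above, as an added example that is not part of the original report: it classifies devices by the security patch level they declare. `REQUIRED_SPL` of `2025-04-05` is an assumption (the later of the bulletin's patch-level strings, the one that covers kernel components), and the device serials and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify devices by declared Android security patch level.
# Assumption: 2025-04-05 is the patch-level string that includes the
# kernel fixes from the April 2025 bulletin.
REQUIRED_SPL="2025-04-05"

# On a live device the value comes from:
#   adb -s <serial> shell getprop ro.build.version.security_patch

# spl_status LEVEL -> prints PATCHED, OUTDATED or UNKNOWN
spl_status() {
    level=$1
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;   # empty or malformed property
    esac
    # Fixed-width ISO dates compare correctly as integers without dashes.
    have=$(echo "$level" | tr -d '-')
    need=$(echo "$REQUIRED_SPL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo OUTDATED; fi
}

# audit_inventory: reads "serial patch_level" lines on stdin and
# prints "serial patch_level verdict" for each device.
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        printf '%s %s %s\n' "$serial" "${level:-none}" "$(spl_status "$level")"
    done
}

# Constructed sample inventory (not real devices).
sample_inventory() {
    cat <<'EOF'
EMU0001 2025-04-05
EMU0002 2025-04-01
EMU0003 2025-03-05
EMU0004
EMU0005 2025-05-01
EOF
}

sample_inventory | audit_inventory
```

The patch-level string is what the build declares, so a device reporting `UNKNOWN` or `OUTDATED` should be followed up against the OEM's own release notes.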
## Detection
- Detection details regarding previous exploitation have not been released ("There are currently details on how CVE-2024-53150 has been exploited in real-world attacks...").
- Detection relies on applying the vendor-supplied security updates.
## References
- Vendor Advisories: [source.android.com/docs/security/bulletin/2025-04-01](https://source.android.com/docs/security/bulletin/2025-04-01)
- Relevant Links:
  - Amnesty International reference on chaining similar bugs: [thehackernews.com/2025/02/amnesty-finds-cellebrites-zero-day.html](https://thehackernews.com/2025/02/amnesty-finds-cellebrites-zero-day.html)
  - Previous February patch reference: [thehackernews.com/2025/02/google-patches-47-android-security.html](https://thehackernews.com/2025/02/google-patches-47-android-security.html)
  - Previous March patch reference: [thehackernews.com/2025/03/googles-march-2025-android-security.html](https://thehackernews.com/2025/03/googles-march-2025-android-security.html)