Google has provided security patches for 47 security imperfections in its Android operating system, including one that it claims has been exposed to widespread abuse in the wild.
The vulnerability in question is ( CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class ( ) driver.
Effective abuse of the flaw could lead to actual increase of pleasure, Google said, noting that it’s aware that it may be under “limited, intended abuse”.
Although no further technological details have been provided, Linux kernel designer Greg Kroah-Hartman revealed in earlier December 2024 that the risk was introduced in edition 2. 6.26, which was made available in the middle of 2008.
Specifically, it has to do with an that could arise as a result of parsing frames of type UVC_VS_UNDEFINED in a function named “uvc_parse_format ( )” in the “uvc_driver. c” software.
This also means that the weakness may be to result in memory fraud, system crash, or arbitrary script execution.
Also patched as part of Google’s monthly security updates is a critical flaw in Qualcomm’s WLAN component ( , CVSS score: 9.8 ) that could also lead to memory corruption.
In order to provide Android partners more freedom, Google released two security piece levels, 2025-02-01 and 2025-02-05, making it worthwhile to note that these two levels are comparable across all Android devices more quickly.
Google urged Android partners to use the most recent protection patch level to resolve all bugs in this bulletin.