Google Rolls Out February 2025 Security Patch for Android With 47 Fixes

Feb 11, 2025 by admin

Photo Credit: Android

Google also recently rolled out the February 2025 update for Pixel devices

Highlights

Google's update fixes 47 vulnerabilities of high to critical severity
One vulnerability, CVE-2024-53104, is reported to be actively exploited
The patch addresses issues in system, framework, and kernel

Google on Monday released the February 2025 security patch for Android devices. The update brings crucial security fixes for discovered vulnerabilities, ranging from high to critical severity, including one CVE which is said to have been “actively exploited”. Several flaws target devices powered by Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc components, while other vulnerabilities affect general system components such as framework and kernel.

February 2025 Security Patch for Android

According to Google's Android Security Bulletin for February 2025, a total of 47 discovered vulnerabilities have been patched with the latest update. Following the rollout, the Mountain View-based technology giant has also released the source code patches for these issues to the Android Open Source Project (AOSP) repository. Google notes that one of the vulnerabilities, with the identifier CVE-2024-53104, is related to the USB Video Class (UVC) driver subcomponent and may be “under limited, targeted exploitation”.

With a high severity and a CVSS score of 7.8, it could lead to “physical escalation of privilege with no additional execution privileges needed”, as per the bulletin. While Google has not shared any other details, the National Vulnerability Database, which is the US government's repository of standards-based vulnerability management data, describes it as a video subsystem flaw in the Linux kernel.

Developer Finds Custom Kernel Fix for Pixel Stuttering Issues

It occurred when the uvc_parse_format function tried handling UVC_VS_UNDEFINED frame but skipped or ignored the undefined frames, parsing them instead. The uvc_parse_streaming function, which calculates the buffer size, created this vulnerability as it tried to calculate the buffer size for the expected frames but did not account for the undefined ones. Thus, its attempt to write data steered past the allocated buffer size, creating an out-of-bounds write.

Google Rolls Out February 2025 Update for Pixel Phones With Bug Fixes
Google Reveals Timeline for Commercial Quantum Computing Applications

Out of the 47 vulnerabilities patched with the February 2025 update, only one has been labelled a “critical” severity, CVE-2024-45569. It has a CVSS rating of 9.8. The flaw affects WLAN subcomponent in Qualcomm devices. It also addresses issues related to framework, kernel, platform, and system.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Google, Android update, Google Security Bulletin, Google Security Update, Google Security

Shaurya Tomer

Email Shaurya Tomer

Shaurya Tomer is a Sub Editor at Gadgets 360 with 2 years of experience across a diverse spectrum of topics. With a particular focus on smartphones, gadgets and the ever-evolving landscape of artificial intelligence (AI), he often likes to explore the industry's intricacies and innovations – whether dissecting the latest smartphone release or exploring the ethical implications of AI advancements. In his free time, he often embarks on impromptu road trips to unwind, recharge, and ...More

US FDIC to Reevaluate 'Supervisory Approach' to Crypto-Related Activities

China Reportedly Considers Probe Into Apple's Policies, App Store Fees

Google Rolls Out February 2025 Security Patch for Android With 47 Fixes

February 2025 Security Patch for Android

Related Stories

Leave a Comment