An intriguing 0-day in the Android kernel

As part of its February 2025 security updates for Android devices, Google notes that one vulnerability is being actively exploited in attacks. The exploitation is described as limited and targeted.
CVE-2024-53104 is a privilege escalation vulnerability in the Android kernel. It affects the code of the UVC (USB Video Class) driver, which handles USB cameras and video sources.
On the face of it, exploitation requires connecting a booby-trapped device. Google describes a physical escalation of privilege with no additional execution privileges needed. Details are lacking to get a more precise picture of how it is exploited in attacks.
The Hacker News points out that Greg Kroah-Hartman, a Linux kernel developer, revealed at the end of 2024 that CVE-2024-53104 was introduced in version 2.6.26 of the Linux kernel, in mid-2008.
Critical vulnerability
This February's Android security updates fix just under fifty security vulnerabilities. The most critical is not the one exploited in the mysterious attacks, but CVE-2024-45569.
With a CVSS score of 9.8, the CVE-2024-45569 flaw affects Qualcomm's WLAN component and points to a possibility of remote exploitation.