Security News > 2024 > August > Google splats device-hijacking exploited-in-the-wild Android kernel bug among others
Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution.
While Google never provides much detail in its monthly patch bulletins about how Android flaws are being abused in the wild, it does note that "There are indications that CVE-2024-36971 may be under limited, targeted exploitation."
In 2023, TAG uncovered 25 zero-day vulnerabilities under active exploitation, and 20 of these were abused by commercial surveillance vendors.
August is another month in which Google issued two sets of patches.
There's the 2024-08-01 patch level, which are Android-specific, and the 2024-08-05 patch level, which includes all of the earlier CVEs plus patches for Kernel and third-party components: Arm, Imagination Technologies, MediaTek, and Qualcomm, including that permanent one.
Of course, all of this is simply a preview to next week's August Patch Tuesday event, during which Microsoft and friends will push fixes for even more CVEs, so stay tuned for that.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/08/06/google_fixes_linux_kernal_rce/
Related news
- Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection (source)
- Google brings better bricking to Androids, to curtail crims (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Google's mysterious 'search.app' links leave Android users concerned (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)
- Google launches on-device AI to alert Android users of scam calls in real-time (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-10 | CVE-2024-36971 | Use After Free vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets. | 7.8 |