Security News > 2024 > August > Google splats device-hijacking exploited-in-the-wild Android kernel bug among others

Google splats device-hijacking exploited-in-the-wild Android kernel bug among others
2024-08-06 18:23

Google released 46 fixes for Android in its August security patch batch, including one for a Linux kernel flaw in the mobile OS that can lead to remote code execution.

While Google never provides much detail in its monthly patch bulletins about how Android flaws are being abused in the wild, it does note that "There are indications that CVE-2024-36971 may be under limited, targeted exploitation."

In 2023, TAG uncovered 25 zero-day vulnerabilities under active exploitation, and 20 of these were abused by commercial surveillance vendors.

August is another month in which Google issued two sets of patches.

There's the 2024-08-01 patch level, which are Android-specific, and the 2024-08-05 patch level, which includes all of the earlier CVEs plus patches for Kernel and third-party components: Arm, Imagination Technologies, MediaTek, and Qualcomm, including that permanent one.

Of course, all of this is simply a preview to next week's August Patch Tuesday event, during which Microsoft and friends will push fixes for even more CVEs, so stay tuned for that.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/08/06/google_fixes_linux_kernal_rce/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-06-10 CVE-2024-36971 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.
local
low complexity
linux CWE-416
7.8
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 140 994 4863 2810 1621 10288
Android 4 0 17 2 0 19
Kernel 4 2 8 5 0 15