Google warns of an actively exploited Android kernel flaw

Pierluigi Paganini August 06, 2024

Google addressed an actively exploited high-severity vulnerability, tracked as CVE-2024-36971, impacting the Android kernel.

Google fixed a high-severity flaw, tracked as CVE-2024-36971, impacting the Android kernel. The IT giant is aware that the vulnerability has been actively exploited in the wild. The company did not share details of the attacks exploiting this vulnerability.

The vulnerability is a remote code execution impacting the kernel.

“There are indications that CVE-2024-36971 may be under limited, targeted exploitation.” reads the advisory published by Google.

The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group (TAG). The TAG team investigates attacks carried out by nation-state actors and commercial spyware vendors.

Android Security Bulletin for August 2024 addressed a total of 47 vulnerabilities in Framework (13), System (1), Kernel (1), Arm components (2), Imagination Technologies (1), MediaTek components (1), Qualcomm components (21), and Qualcomm closed-source components (7).

The vulnerabilities addressed by Google include Elevation of Privileges, DoS, Remote Code Execution, and Information disclosure.

“The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed.” continues the advisory.

In June 2024, Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day.

“There are indications that CVE-2024-32896 may be under limited, targeted exploitation.” reads the advisory.

As usual, the IT giant did not provide technical information about attacks exploiting the above issue.

The Pixel Update Bulletin provides details of security vulnerabilities and functional improvements for supported Google Pixel devices. The company addressed all the flaws detailed in the bulletin with the release of the security patch levels of 2024-06-05 or later and the June 2024 Android Security Bulletin.

In June 2024, Google warned of an elevation of privilege vulnerability, tracked as CVE-2024-32896, in the Pixel Firmware, which has been exploited in the wild as a zero-day.

“There are indications that CVE-2024-32896 may be under limited, targeted exploitation.” reads the advisory.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Android)



you might also like

leave a comment