Google Patches Kernel Zero-Day Vulnerability in Android, Amidst Targeted Exploits

August 5, 2024

Google has patched a critical zero-day vulnerability, CVE-2024-36971, in the Android kernel that was being exploited in targeted attacks. The flaw is a use-after-free (UAF) weakness in the Linux kernel's network route management that could be exploited to alter the behavior of certain network connections. While successful exploitation requires System execution privileges, it allows threat actors to execute arbitrary code without user interaction on unpatched devices. Google noted that there were indications of CVE-2024-36971 being exploited in a limited, targeted manner.

The vulnerability was discovered and reported by Clément Lecigne, a security researcher from Google's Threat Analysis Group (TAG). Although Google has not yet disclosed details about the exploitation of the flaw or the threat actors behind the attacks, Google TAG frequently identifies and discloses zero-days used in state-sponsored surveillance software attacks targeting high-profile individuals.

Google plans to release source code patches for these issues to the Android Open Source Project (AOSP) repository soon. Earlier this year, Google patched another zero-day, CVE-2024-32896, that was being exploited. This high-severity elevation of privilege (EoP) flaw in the Pixel firmware was discovered and reported by GrapheneOS, which tracked it as CVE-2024-29748. Forensic companies had exploited this vulnerability to unlock Android devices without a PIN and access stored data.

As part of the August security updates, Google has released two patch sets, the 2024-08-01 and 2024-08-05 security patch levels. The latter includes all the security fixes from the first set and additional patches for third-party closed-source and kernel components, including a critical vulnerability, CVE-2024-23350, in a Qualcomm closed-source component.

It is noteworthy that not all Android devices may need the fixes for the security vulnerabilities that apply to the 2024-08-05 patch level. Device vendors may prioritize deploying the initial patch level to streamline the update process. This, however, does not necessarily indicate an increased risk of potential exploitation. While Google Pixel devices receive monthly security updates immediately after release, other manufacturers may need some time before rolling out the patches, because additional testing is necessary to ensure compatibility with various hardware configurations.
