Google has released its April 2025 Android Security Bulletin, addressing numerous critical vulnerabilities including two zero-day flaws actively exploited in targeted attacks. 

This marks the third consecutive month that Google has issued emergency patches for actively exploited vulnerabilities, highlighting the ongoing security challenges facing the Android ecosystem.

Critical Vulnerabilities Under Active Exploitation

The April 2025 security update specifically addresses CVE-2024-53150 and CVE-2024-53197, both of which Google confirms “may be under limited, targeted exploitation.” 

These vulnerabilities impact devices across multiple Android versions, from Android 12 through 15, with particular concern for devices that haven’t received timely security updates.

CVE-2024-53150 represents a significant security threat within the Linux kernel’s ALSA USB-audio driver. 

This vulnerability occurs when the driver fails to properly validate the bLength field while processing clock descriptors.

When exploited, this out-of-bounds read vulnerability (CWE-125) could potentially expose sensitive kernel memory contents, compromising system security.


The vulnerability carries a CVSS v3.1 base score of 7.1 (HIGH), indicating its serious nature.

The second actively exploited vulnerability, CVE-2024-53197, also affects the Linux kernel’s ALSA USB audio driver, specifically impacting Extigy and Mbox device configurations. 

This flaw occurs when a malicious USB device presents an invalid bNumConfigurations value that exceeds the initially allocated memory. 

This discrepancy leads to potential out-of-bounds memory access in the usb_destroy_configuration function, which could result in system crashes or privilege escalation.
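The descriptor-length problem described above for CVE-2024-53150, as an added illustration that is not the kernel's, Google's or any vendor's code: a simplified walker over USB class-specific descriptors that applies the bLength checks a hardened driver needs (non-zero length, not past the end of the buffer, and at least as large as the structure about to be read). The descriptor layout, constants and sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified layout of a UAC clock source descriptor (assumption: a
 * stand-in for the real kernel structures, all fields one byte wide). */
#define USB_DT_CS_INTERFACE 0x24
#define UAC_CLOCK_SOURCE    0x0A

struct clock_source_desc {
    uint8_t bLength, bDescriptorType, bDescriptorSubtype;
    uint8_t bClockID, bmAttributes, bmControls, bAssocTerminal, iClockSource;
};

/* Return bmAttributes of the clock source with the given bClockID,
 * -1 if none is found, or -2 if the buffer is malformed.
 * Each field read is guarded by a length check first. */
int find_clock_source_attrs(const uint8_t *buf, size_t len, uint8_t clock_id)
{
    size_t off = 0;
    while (off + 2 <= len) {                 /* need bLength + bDescriptorType */
        const struct clock_source_desc *d =
            (const struct clock_source_desc *)(buf + off);
        /* Zero length would never advance; an oversized one runs off the buffer. */
        if (d->bLength < 2 || off + d->bLength > len)
            return -2;
        if (d->bDescriptorType == USB_DT_CS_INTERFACE && d->bLength >= 3 &&
            d->bDescriptorSubtype == UAC_CLOCK_SOURCE) {
            /* The check the bulletin describes as missing: the descriptor
             * must be large enough to contain every field read below. */
            if (d->bLength < sizeof(*d))
                return -2;
            if (d->bClockID == clock_id)
                return d->bmAttributes;
        }
        off += d->bLength;
    }
    return -1;
}

/* Constructed sample buffers (not captured from a real device). */
static const uint8_t good_desc[] = {
    0x09, 0x04, 0x01, 0x00, 0x00, 0x01, 0x02, 0x20, 0x00, /* 9-byte interface desc */
    0x08, 0x24, 0x0A, 0x05, 0x03, 0x07, 0x00, 0x00,       /* clock source, ID 5 */
};
static const uint8_t short_desc[] = {
    0x09, 0x04, 0x01, 0x00, 0x00, 0x01, 0x02, 0x20, 0x00,
    0x04, 0x24, 0x0A, 0x05,                               /* claims only 4 bytes */
};
```

Against `good_desc` the lookup for clock ID 5 returns 0x03; against `short_desc`, where the clock source advertises a bLength smaller than the structure, the walker reports a malformed buffer instead of reading past the descriptor.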

The summary of the vulnerabilities is given below:

CVE-2024-53150
  Affected products: Linux kernel's ALSA USB-audio driver (kernel versions 5.4.287, 5.10.231, 5.15.174, 6.1.120, 6.6.64, 6.11.11, 6.12.2+)
  Impact: Information disclosure via out-of-bounds read
  Exploit prerequisites: Local access; no user interaction required
  CVSS 3.1 score: 7.1 (High)

CVE-2024-53197
  Affected products: Linux kernel's ALSA USB-audio driver (Extigy and Mbox device configurations)
  Impact: Privilege escalation via out-of-bounds memory access
  Exploit prerequisites: Physical access with a malicious USB device
  CVSS 3.1 score: 7.8 (High)

Security researchers from GrapheneOS have noted that conventional device locks—including passwords, fingerprints, and facial recognition—may not fully protect against exploitation of these flaws.

Security experts believe CVE-2024-53197 shares similarities with exploits previously used by digital intelligence companies like Cellebrite, particularly for extracting data from locked devices. 

This suggests potential connections to sophisticated surveillance tools used in targeted operations.

Patch Distribution 

Google has already pushed patches to Pixel devices, while Samsung has demonstrated an improved response time compared to previous security incidents. 

Samsung’s April 2025 security update addresses over 60 vulnerabilities in total, including these critical kernel flaws.

The patches have been released in two security patch levels (2025-04-01 and 2025-04-05), with the latter containing the fixes for the actively exploited vulnerabilities.

Source code patches will be released to the Android Open Source Project (AOSP) repository within 48 hours of the bulletin’s publication.

Notably, Google’s Threat Analysis Group previously reported a 50% increase in zero-day exploits observed in 2023 compared to 2022, with 48 vulnerabilities attributed to espionage actors and 49 to financially motivated hackers.

Users are strongly advised to update their devices immediately to security patch level 2025-04-05 or later to mitigate these serious security risks.
