Android patchday: Attackers exploit gaps in the USB audio driver
Important security updates have been released for Android 13, 14 and 15. Among other things, the developers have closed critical gaps.
Security vulnerabilities threaten Android smartphones.
(Image: Created with AI in Bing Designer by heise online / dmk)
Owners of Android smartphones and tablets that are still under support should ensure that the latest security updates are installed. Attackers are currently exploiting two vulnerabilities.
Patch now!
In an advisory, the developers report targeted attacks on a limited scale. The two vulnerabilities (CVE-2024-53150, risk “high”, and CVE-2024-53197, also risk “high”) affect the Advanced Linux Sound Architecture (ALSA), specifically its USB audio component. Attackers can use specially crafted input to trigger memory errors in the driver. This usually leads to crashes (DoS), but it can also allow malicious code to be executed on the system.
There is currently no further information on how the attacks proceed or what their effects are. Google states that devices with the 2025-04-01 and 2025-04-05 patch levels of the Android operating system are protected against these attacks.
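As an added example (not from the article or from Google), the following shell functions classify a device's reported patch level against the two levels named above and can audit an inventory list or devices attached via adb. The function names and the labels outdated/partial/complete are assumptions of this example; ro.build.version.security_patch is the Android system property that holds the patch level.

```shell
#!/bin/sh
# Added example: compare Android security patch levels with the two
# April 2025 levels named in the article. Function names are hypothetical.
FIRST_LEVEL=2025-04-01     # from the article
COMPLETE_LEVEL=2025-04-05  # from the article

to_number() { printf '%s\n' "$1" | sed 's/-//g'; }   # 2025-04-05 -> 20250405

# classify_patch_level YYYY-MM-DD -> outdated | partial | complete | invalid
classify_patch_level() {
    case $1 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;   # empty or vendor-mangled property
    esac
    n=$(to_number "$1")
    if [ "$n" -ge "$(to_number "$COMPLETE_LEVEL")" ]; then
        echo complete                  # includes both April 2025 levels
    elif [ "$n" -ge "$(to_number "$FIRST_LEVEL")" ]; then
        echo partial                   # 2025-04-01 only, not 2025-04-05
    else
        echo outdated                  # predates the April 2025 bulletin
    fi
}

# audit_devices: read "serial patch-level" lines on stdin, one per device
audit_devices() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        printf '%s %s %s\n' "$serial" "${level:-unknown}" \
            "$(classify_patch_level "$level")"
    done
}

# list_connected: emit "serial patch-level" for each device adb reports
list_connected() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from swallowing the rest of the serial list
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
            </dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "$level"
    done
}

# Run against attached devices only when asked: sh check.sh --adb
if [ "${1:-}" = "--adb" ]; then list_connected | audit_devices; fi
```

The article does not say which of the two levels carries which fix, so a device reported as partial should be treated as still needing the update.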
Android: Further dangers
The developers have also closed “critical” gaps (CVE-2025-22429, CVE-2025-26416, CVE-2025-22423) in the framework and system components of Android 13, 14 and 15. Through these, attackers can gain unauthorized access to information in unspecified ways or acquire higher user rights in the system.
In addition, some of the vulnerabilities allow DoS attacks. The programmers have also closed security gaps in components from the system-on-a-chip (SoC) manufacturers Arm, Imagination Technologies, MediaTek and Qualcomm. The WLAN module is one of the components affected.
As part of the patchday, Google also points out important changes to the Android Open-Source Project (AOSP) for developers: since the end of March this year, developers should use android-latest-release instead of aosp-main.
(des)