Preface: Vulnerability findings appear to have changed compared to five years ago. As a matter of fact, the trend of open source concept driven the a lot of details visible,   a bunch of vulnerabilities have accumulated in 2024, and the Android security advisory on January 2025 shows you what’s the actual status.

Manufacturers will have an easier time managing vulnerabilities because the patches released today were discovered by them months or a year ago.

Background: IPA Capabilities

● Presented by its driver as a network device

● Performs checksum offload, packet aggregation

○ Reduces processing and interrupt load on the main CPU

● Also implements integrated IPA filtering, routing, and NAT

○ These features are not supported by the upstream driver (yet!)

● Capable of operation independent while AP is asleep

○ Tethered operation (WiFi hotspot)

○ Requires much less power than operating AP

○ This mode is not supported upstream either

Vulnerability details: Memory corruption while processing IPA statistics, when there are no active clients registered.

[CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)]

In a classic buffer overflow exploit, the attacker sends data to a program, which it stores in an undersized stack buffer. The result is that information on the call stack is overwritten, including the function’s return pointer

Official announcement: Please refer to the link below for details –

https://source.android.com/docs/security/bulletin/2025-01-01

Preface: Vulnerability findings appear to have changed compared to five years ago. As a matter of fact, the trend of open source concept driven the a lot of details visible,   a bunch of vulnerabilities have accumulated in 2024, and the Android security advisory on January 2025 shows you what’s the actual status.

Manufacturers will have an easier time managing vulnerabilities because the patches released today were discovered by them months or a year ago.

Background: CUPS provides the “cups” library to talk to the different parts of CUPS and with Internet Printing Protocol (IPP) printers. The “cups” library functions are accessed by including the <cups/cups.h> header. CUPS is based on the Internet Printing Protocol (“IPP”), which allows clients (applications) to communicate with a server (the scheduler, printers, etc.) to get a list of destinations, send print jobs, and so forth. You identify which server you want to communicate with using a pointer to the opaque structure http_t. The CUPS_HTTP_DEFAULT constant can be used when you want to talk to the CUPS scheduler.

Vulnerability details: Five critical Android fixes (CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, CVE-2024-49748) were released in the January 2025 Security Advisory Bulletin. We are aware that the above vulnerability advisory was released on December 3, 2024. But why not provide details?

Perhaps it related to CUPS. When android install this opensource system, Android itself cannot protect itself.So, it bring out the vulnerabilities.

I speculated the vulnerability exchange CVE reference numbers on CUPS to Android is shown as below:

Android CVE-2024-43096 – CVE-2024-47076 (CUPS)

Android CVE-2024-49747 – CVE-2024-47175 (CUPS)

Android CVE-2024-49748 – CVE-2024-47176

Android CVE-2024-43770 – CVE-2024-47176 (CUPS): When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

Android CVE-2024-43771 – CVE-2024-47177 (CUPS)

Official announcement: Please refer to the link below for details –

https://source.android.com/docs/security/bulletin/2025-01-01

Preface: There are four global satellite navigation systems, currently GPS (United States), GLONASS (Russian Federation), Beidou (China) and Galileo (European Union).

Background: Android Opensource is called HLOS. Qualcomm’s proprietary one is called non-HLOS.

The Android on Snapdragon architecture is built to allow for common feature adoption across devices with Snapdragon. It represents the software features and functionalities available on Qualcomm® reference devices and provided to OEMs for design into their Android mobile devices and tablets.

Global Navigation Satellite System ( GNSS ) refers to any satellite constellation that provides global positioning, navigation, and timing services. Several GNSS are currently available: BeiDou (China) , Galileo (EU), GPS (USA) and GLONASS (Russia). On Oct 2022, Rx Networks, Inc., a GNSS data services company, announced the availability of TruePoint.io precise location services on Qualcomm’s Snapdragon 8 Gen 1 and Snapdragon 888 5G Mobile Platforms.

Vulnerability details: Memory corruption during GNSS HAL process initialization.

Technology Area: GPS HLOS Driver

CWE-416: Use After Free

Official announcement: Please refer to the official announcement for details – https://nvd.nist.gov/vuln/detail/CVE-2024-38424

Preface: BSS Transition Management enables an AP to request a voice client to transition to a specific AP, or suggest a set of preferred APs to a voice client, due to network load balancing or BSS termination.

Background: A STA receiving a BSS Transition Management Request frame may respond with a BSS Transition Management Response frame.

The BSS Termination Included (bit 3) field indicates that the BSS Termination Duration field is included, the BSS or the AP MLD is shutting down and the STA or the non-AP MLD will be disassociated. The AP or AP MLD sets the BSS Termination Included bit in the Request mode field to 1 to indicate that the BSS or AP MLD is shutting down.

The BSS Termination Included bit is 0 if no BSS Termination Duration information is included in the BSS Transition Management Request frame.

Vulnerability details: Transient DOS while parsing BTM ML IE when per STA profile is not included.

Official announcement: Please refer to the vendor announcement for details –

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html

Preface: What is intent redirection and app security in Android? An intent redirection occurs when an attacker can partly or fully control the contents of an intent used to launch a new component in the context of a vulnerable app.

Background: An Intent in the Android operating system is a software mechanism that allows users to coordinate the functions of different activities to achieve a task. One or more of your apps contain an Intent Redirection issue which can allow malicious apps to access private app components or files.

Vulnerability details: CVE-2024-43080: This vulnerability could lead to privilege escalation. Please refer to the official announcement for details – https://source.android.com/docs/security/bulletin/2024-11-01

Preface: USAT (USIM Application Toolkit) technology is based on the original passive operation mode of the SIM card and adds the new active operation capability of the SIM card, which allows applications and services in the SIM card to actively interact with mobile terminals.

Background: The USAT (USIM Application Toolkit) is a standardized set of commands and protocols that allow mobile applications to interact with the USIM card in 3G and 4G/LTE mobile networks.

USAT use case example:

Mobile Banking: Displays a secure PIN entry screen for transaction verification.

Mobile Payments: Interact with USIM cards for secure payment transactions, authorization and token generation.

Mobile messaging: Receive event notifications for incoming SMS messages or delivery reports.

Vulnerability details: An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer overflow can lead to a Denial of Service.

Official announcement: Please refer to the link for details – https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-45184/

Preface: Security patches can be divided into 2 categories — HLOS (High Level Operating System) and NON-HLOS. The first category is for patches concerning the Android system itself and the Linux kernel, and the other is about code running at much lower levels.

Background: The software image running on the main processor is termed as HLOS. The Snapdragon 8 Gen 1 Chipset, that powered the new Samsung Galaxy S22 series, is one of the quickest and most energy-efficient processors available. Qualcomm is known for making some of the greatest chipsets for Android devices, and their current flagship SoC is the Snapdragon 8 Gen 1. Despite the fact that the chip was unveiled in November 2021, few devices have taken advantage of its capabilities. The MotorolaEdge X30, which was released in December 2021, was the first smartphone to include a Snapdragon 8 Gen 1 processor.

Vulnerability details: Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers.

Official announcement: Please refer to the link for details –

https://docs.qualcomm.com/bundle/publicresource/topics/80-41102-2/page_c_tafDiagUpdate.html