
Preface: Vulnerability findings appear to have changed compared with five years ago. The open-source trend has made many more details visible, a large number of vulnerabilities accumulated during 2024, and the Android security bulletin of January 2025 shows the actual status.
Manufacturers will have an easier time managing vulnerabilities, because the patches released today address issues they discovered months or a year ago.
Background: IPA Capabilities
● Presented by its driver as a network device
● Performs checksum offload, packet aggregation
○ Reduces processing and interrupt load on the main CPU
● Also implements integrated IPA filtering, routing, and NAT
○ These features are not supported by the upstream driver (yet!)
● Capable of operating independently while the AP (application processor) is asleep
○ Tethered operation (Wi-Fi hotspot)
○ Requires much less power than keeping the AP running
○ This mode is not supported upstream either
Vulnerability details: Memory corruption while processing IPA statistics, when there are no active clients registered.
[CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)]
In a classic buffer overflow exploit, the attacker sends data to a program, which stores it in an undersized stack buffer. The result is that information on the call stack is overwritten, including the function’s return pointer.
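As an added illustration of the CWE-120 pattern named above (a constructed example, not the IPA driver’s own code; the client_stats layout, MAX_CLIENTS and both function names are hypothetical), here is an unchecked copy of per-client statistics into a fixed-size buffer beside a bounded version that also treats “no registered clients” as a valid empty result:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical per-client statistics record, constructed for this
 * example; it is not the real IPA driver layout. */
struct client_stats {
    uint32_t client_id;
    uint64_t rx_bytes;
    uint64_t tx_bytes;
};

#define MAX_CLIENTS 4   /* capacity of the fixed-size destination buffer */

/* Before: copies whatever count the caller supplies. If count exceeds the
 * destination capacity the memcpy runs past the end of the buffer
 * (CWE-120). Shown for contrast only; it is never called with an
 * unvalidated count in this example. */
void collect_stats_unchecked(struct client_stats *out,
                             const struct client_stats *src, size_t count)
{
    memcpy(out, src, count * sizeof(*src));
}

/* After: validate pointers and count against the destination capacity
 * before copying. A count of zero (no clients registered) is an empty
 * result, not an error, and must not reach the copy with a bad length.
 * Returns the number of records copied, or -1 on invalid input. */
int collect_stats_checked(struct client_stats *out, size_t out_cap,
                          const struct client_stats *src, size_t count)
{
    if (out == NULL)
        return -1;
    if (count == 0)
        return 0;               /* nothing registered: empty, not an error */
    if (src == NULL || count > out_cap)
        return -1;              /* would overflow the fixed buffer */
    /* count <= out_cap, so the byte length below cannot wrap. */
    memcpy(out, src, count * sizeof(*src));
    return (int)count;
}
```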
Official announcement: Please refer to the link below for details –
https://source.android.com/docs/security/bulletin/2025-01-01