CVE-2024-53150 and CVE-2024-53197 are two high-severity security vulnerabilities in Android and are currently being actively exploited. Both are linked to the Linux kernel’s USB sub component and pose serious risks to Android devices.

  • CVE-2024-53150 is an out-of-bounds read vulnerability that enables attackers to access sensitive information without user interaction.
  • CVE-2024-53197 is a privilege escalation flaw that allows attackers to gain elevated permissions on the device.

These vulnerabilities have been exploited as part of a zero-day exploit chain, reportedly used by Serbian authorities to compromise Android devices belonging to activists. The exploit chain was developed by Cellebrite, an Israeli digital forensics firm, and has been linked to targeted attacks against individuals such as a Serbian youth activist in December 2024.

Given the active exploitation of these flaws, it is critical for Android users and administrators to take immediate action to secure their devices.

Impacted Products/Versions

The vulnerabilities affect Android devices running versions of the Linux kernel with the USB sub-component flaws. These issues were initially fixed in the Linux kernel in December 2024 but remain exploitable on unpatched Android devices.

Remediation/Mitigation

Apply Security Updates

Google has released patches as part of its April 2025 Android security update. Users are strongly advised to install these updates as soon as they become available from their device manufacturers or carriers. Two patch levels are provided:

  • 2025-04-01 Patch Level: Addresses 27 common vulnerabilities.
  • 2025-04-05 Patch Level: Includes fixes for additional third-party and kernel subcomponents.

Google Pixel devices receive these updates immediately, while other vendors may require additional time to release them.

Mitigation Steps

For devices unable to receive updates immediately:

  1. Restrict USB Access: Limit physical access to USB ports on devices to reduce exposure to potential exploits.
  2. Monitor Device Activity: Use mobile security tools to detect unusual behaviour or unauthorised access attempts.
  3. Secure Sensitive Data: Encrypt sensitive data on devices to mitigate risks of information disclosure.

Potential Impact

Exploitation of these vulnerabilities can result in:

  • Unauthorised access to sensitive information (CVE-2024-53150).
  • Escalation of privileges, potentially leading to full device compromise (CVE-2024-53197).

These risks highlight the urgency of applying the recommended patches and implementing mitigation measures where necessary.

Resources and Sources

https://source.android.com/docs/security/bulletin/2025-04-01

https://thehackernews.com/2025/04/google-releases-android-update-to-patch.html

https://www.bleepingcomputer.com/news/security/google-fixes-android-zero-days-exploited-in-attacks-60-other-flaws/

https://www.infosecurity-magazine.com/news/android-update-address-two-zero/

https://www.malwarebytes.com/blog/news/2025/04/google-fixes-two-actively-exploited-zero-day-vulnerabilities-in-android

Need a hand?

Secure-ISS offers remediation services across your entire infrastructure stack, including network, identity, host, and virtualisation layers.

If you need support in protecting your organisation or strengthening your security posture, please reach out to our team.