Google Patches Critical Android Vulnerability; Devices at Risk of Remote Code Execution
August 6, 2024
Google has addressed a high-severity vulnerability in the Android kernel, tracked as CVE-2024-36971, which is being actively exploited.
The August security updates include two patch sets, with the latter providing additional fixes for closed-source and kernel components.
The August 2024 Android Security Bulletin reports a total of 47 vulnerabilities, including issues in the Framework, System, and various components from Qualcomm and MediaTek.
Given the severity of these vulnerabilities, attackers could potentially fully compromise affected devices.
Google reports that the attacks exploiting this vulnerability are limited and targeted, although the full extent remains unclear.
The vulnerability allows for remote code execution, enabling attackers to execute arbitrary code on unpatched devices without user interaction.
To exploit this vulnerability effectively, attackers may need to combine it with other vulnerabilities.
Components from Qualcomm and Imagination Technologies are also affected, including display and Wi-Fi functions.
The collaboration between Google and Samsung is crucial for timely updates, especially for Galaxy users affected by these vulnerabilities.
Samsung's update rollout will occur gradually by device and region, prioritizing flagship and newer models.
Google Pixel devices typically receive security updates immediately, while other manufacturers may delay updates for compatibility testing.
Summary based on 8 sources
Sources

BleepingComputer • Aug 5, 2024
Google fixes Android kernel zero-day exploited in targeted attacks
The Hacker News • Aug 6, 2024
Google Patches New Android Kernel Vulnerability Exploited in the Wild
SecurityWeek • Aug 6, 2024
Google Patches Android Zero-Day Exploited in Targeted Attacks