Google yesterday rolled out security patches for the Android mobile operating system but did not include fix for at least one bug that enables increasing permissions to kernel level. The vulnerability exists in the driver for the video for the Video For Linux 2 (V4L2) interface used for video recording. It is estimated as a high-severity zero-day so it does not have an identification number yet. Google learned about it in March and acknowledged it, though the company said that a fix would become available.
Source: https://www.bleepingcomputer.com/news/security/android-zero-day-bug-does-not-make-it-on-google-s-fix-list/