A new Linux exploit is affecting some Android 12 devices including Google Pixel 6 more Samsung Galaxy S22 Series Smartphones. This new Linux exploit, named “Dirty Pipe”, was discovered as vulnerability CVE-2022-0847, a security exploit present in some versions of the recent Linux kernel. The kernel is the core of an OS that acts as an intermediary between apps and the hardware. This means that if users of the mentioned devices allow an Android app to read files on their phone/computer, it may run malicious code or corrupt the file. This vulnerability has already shown its potential to gain administrator access to the system on desktop/laptop versions of Linux. dirty pipe The exploit could easily allow attackers to take full control of your device.
How does dirty pipe work?
As the name suggests, Dirty Pipes is related to Linux’s concepts of “pipes” and “pages”. Here pipes are used to get data from one app or process to another app while pages are small chunks of your device’s RAM. The Dirty Pipe exploit allows apps to manipulate Linux pipes so that the application can insert its data into pages of memory. This makes it easy for an attacker to either change the contents of the file the user is trying to access or even gain complete control over the user’s system.
Dirty pipe affected equipment
The Dirty Pipe exploit targets all Linux-powered devices, including Android phones, Chromebooks, and even Google Home Tools like – ChromecastSpeakers and Display. To be specific, the bug was introduced in 2020 with Linux kernel version 5.8 and is present in every device released after that.
The good news is that Dirty Pipe’s damage potential is very limited for Android devices as most of them use an older version of the Linux kernel which is unaffected by the bug. However, this is not the case with devices running Android 12 out-of-the-box. So, Android devices like google pixel 6 Series and Samsung Galaxy S22 series may be affected by Dirty Pipe. Furthermore, the developer who initially discovered the bug has reproduced it on the Pixel 6 smartphone and reported it to Google.
How Are Companies Trying to Fight Dirty Pipes?
In addition to discovering the “Dirty Pipe” exploit, the developer was also able to fix the vulnerability. `The fix was then submitted to the Linux Kernel Project and within a few days, new versions of the Linux kernel were unveiled to include the fix.
of google Android Security Team The “Dirty Pipe” exploit was reported in February. The fix was soon added to the Android source code to ensure that upcoming builds of the OS are protected from this exploit. The Chrome OS team also made improvements and is set to roll out as a mid-cycle update to Chrome OS 99.
Google has finally rolled out the May 2022 security patch for Pixel phones and has also released an Android security bulletin for the month that directly mentions the Dirty Pipe exploit. This means that every Android smartphone that has the May 2022 security update installed can be considered safe from attackers.