A new Linux exploit is affecting something Android 12 devices including Google Pixels 6 and Samsung Galaxy S22 series This new Linux exploit, dubbed the “Dirty Pipe” smartphone, was discovered as a vulnerability CVE-2022-0847, a security exploit present in some versions of the recent Linux kernel. A kernel is the core of an OS that acts as an intermediary between apps and hardware. This means that if users of the specified device allow an Android app to read files on their phone / computer, it may run malicious code or corrupt the file. This vulnerability already indicates the possibility of admin access to a system on the desktop / laptop version of Linux. The Dirty pipes exploit lets attackers easily take full control of your device.
How do dirty pipes work?
As the name implies, Dirty Pipe is related to the concept of “Pipes” and “Pages” in Linux. The pipes here are used to retrieve data from one app or process it in another, while the pages are small bits of your device’s RAM. Dirty Pipe Absorption allows apps to manage Linux pipes so that the application can insert its data into a single page of memory. This makes it easier for the attacker to replace the contents of a file that the user is trying to access or even gain complete control of the user’s system.
Device affected by dirty pipes
Dirty Pipe Exploit targets all Linux-powered devices, including Android phones, Chromebooks and even Google Home Devices such as – Chromecast, Speakers and displays. Specifically, the bug was introduced in 2020 with the Linux kernel version 5.8 and is present in every device released since then.
The good news is that the potential for Dirty Pipe damage is very limited for Android devices because most of them use an older version of the Linux kernel that is not affected by bugs. However, this is not the case with devices that run Android 12 out-of-the-box. So, like an Android device Google Pixel 6 Series and Samsung Galaxy S22 series may be affected by dirty pipes. In addition, the developer who initially discovered the bug reproduced it on a Pixel 6 smartphone and reported it to Google.
How are companies trying to fight the dirty pipe?
In addition to discovering the “dirty pipe” exploitation, the developer was also able to fix vulnerabilities. The fix was then submitted to the Linux kernel project, and within a few days, newer versions of the Linux kernel were unveiled to include the fix.
Google’s Android security team “Dirty Pipe” exploits were reported in February. Fixes have been added to the Android source code soon to ensure that upcoming OS builds are safe from this exploitation. The Chrome OS team has also fixed and is set to roll out as a mid-cycle update to Chrome OS 99.
Google has finally launched a security patch for the Pixel phone in May 2022, and also released the Android Security Bulletin for that month, which contains a direct reference to Dirty Pipe Exploitation. This means that every Android smartphone that installs a security update in May 2022 can be considered safe from attackers.