 |
Google and Samsung start to patch ?Dirty Pipe? vulnerability on their phone
AVN News Feed
  |
|
|
Thread Tools |
|
#1
04-08-2022, 02:34 PM
|
||||
|
||||
|
Google and Samsung start to patch ?Dirty Pipe? vulnerability on their phone
Google and Samsung start to patch ?Dirty Pipe? vulnerability on their phones
Google released the Android security update for April earlier this week, but the patch didn’t include a fix for the ‘Dirty Pipe’ security vulnerability that was widely publicized last month. Even though we’ll likely have to wait until the May update for most devices to be fixed, some manufacturers have started to patch their own devices, including Google itself. Dirty Pipe (CVE-2022-0847) is an exploit discovered in the Linux kernel that allows someone to inject and overwrite data in read-only processes, without any root or admin permissions. The vulnerability has already been used to achieve temporary root access on Android, but it could also allow malware and other unknown software to gain system access. Dirty Pipe has now been fixed in the Linux kernel (with versions 5.16.11, 5.15.25, and 5.10.102), as well as Android’s version of the Linux kernel, but the patch wasn’t included in the April security update. It will presumably arrive in the May update, but not everyone wants to wait that long. Some custom kernels for the Pixel 6 and Pixel 6 Pro include the patch, including the Kirisakura kernel. Google’s Android QPR3 Beta 2 for the Pixel 6 and Pixel 6 Pro, which was released on Thursday, has a patched kernel version. Samsung seems to be the only manufacturer rolling out a fix to phones on stable software, as part of the April 2022 update on Galaxy devices — the company’s security bulletin mentions CVE-2022-0847, and the update has been verified to block Dirty Pipe attacks. The Xiaomi 12/12 Pro still seem to be vulnerable, as those phones haven’t received a security update since the initial release in February. OnePlus hasn’t release source code for its April update yet. We’ll have to wait and see which manufacturers wait for the May update, and which companies push an update early (as Samsung is doing). Either way, you should probably avoid installing sketchy APKs for the time being. The post Google and Samsung start to patch ‘Dirty Pipe’ vulnerability on their phones appeared first on xda-developers. More... 
|
|
«
Previous Thread
|
Next Thread
»
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| New Software Patch Arrives for Samsung Galaxy A52 | phillynewsnow | AVN News Feed | 0 | 07-15-2022 02:43 PM |
| Samsung Galaxy Note 20 series now seeing May 2022 security patch | phillynewsnow | AVN News Feed | 0 | 05-02-2022 11:23 PM |
| Samsung Galaxy Z Fold 3 gets April security patch with ?Dirty Pipe? fix | phillynewsnow | AVN News Feed | 0 | 04-11-2022 09:22 AM |
| PSA: Dirty Pipe, the Linux kernel root vulnerability, can be abused on the | phillynewsnow | Random Community Topics | 0 | 03-15-2022 10:20 AM |
All times are GMT -5. The time now is 12:52 PM.
|
Layout Options | Width:
Fixed
Contact Us -
SPJ Bulletin -
Archive -
Privacy Statement -
Terms of Service -
Top
| |