Due to the open-source nature of the Linux kernel, many people can modify and redistribute it. However, open-source can be a double-edged sword when it comes to unpatched security holes.
Recently, security researcher Max Kellermann discovered a high-risk vulnerability in the Linux kernel, known as Dirty Pipe (Dirty Pipe), numbered CVE-2022-0847, which can overwrite data in any read-only file and gain root privileges.
The vulnerability is affected in Linux kernel version 5.8 and above, and below 5.16.11, 5.15.25 and 5.10.102, that is, 5.8 <= affected version < 5.16.11 / 5.15.25 / 5.10.102.
According to the requirements of the Android system, a large number of newly released Android 12 mobile phones have used Linux kernel version 5.8 and above, so these devices will be affected, including those equipped with Snapdragon 8 Gen 1, Dimensity 8000 series, Dimensity 9000, Exynos 2200 and Google Tensor devices, etc.
According to Kellermann, Google merged his bug fixes with the Android kernel last month and will be fixed in Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 and above. However, due to the fragmentation of the Android phone market, a large part of these patches depends on OEM manufacturers to update.
