Android 12 now has Dirty Pipe high-risk privilege escalation vulnerability

In March this year, security researcher Max Kellermann discovered a high-risk vulnerability in the Linux kernel, which is called Dirty Pipe (Dirty Pipe), number CVE-2022-0847, which can overwrite any read-only The data in the file, and gain root privileges, a large number of newly released Android 12 phones are affected.

join us on telegram

Most Android phone makers have yet to roll out fixes, with Google and Samsung taking the lead. Google’s Android QPR3 Beta 2 for the Pixel 6 and Pixel 6 Pro released on Thursday includes a kernel patch that fixes the high-severity privilege escalation vulnerability. Samsung mentioned the patch in the April update for Galaxy phones, and the update has been verified to block Dirty Pipe attacks.

The vulnerability is affected in Linux kernel versions 5.8 and above, and below 5.16.11, 5.15.25 and 5.10.102, that is, 5.8 <= affected version < 5.16.11 / 5.15.25 / 5.10. 102.

According to the requirements of the Android system, a large number of newly released Android 12 mobile phones have used the Linux kernel version 5.8 and above, so these devices will be affected, including those equipped with Snapdragon 8 Gen 1, Dimensity 8000 series, Dimensity 9000, Exynos 2200 and Google Tensor devices, etc.

Leave a Comment