dirty pipe

The open-source operating system, Linux has discovered a new kernel level bug ‘Dirty Pipe’ that is raising concerns for the security of Android devices, as it leaves an entrance for malware intrusion. The glitch in question has been dubbed “Dirty Pipe” by software engineer Max Kellerman, who supplies a thorough write-up about the kernel bug’s discovery.

The Linux Kernel Bug Can Induce Malicious Codes in Android Devices

Moreover, he first spotted some mysteriously corrupted log files last year, and his analysis of the Linux kernel bug disclosed a kernel-level flaw that has existed since 2020. The Linux kernel bug allows the software to overwrite the system page cache, even for files where apps shouldn’t otherwise have authorization. He determined that in the wrong hands the Linux kernel bug had the potential for exploitation and cautioned the team behind Linux kernel security.

Moreover, correctly coded malware could employ this method to acquire full control of a vulnerable system by overwriting files as essential as the system’s root password. Kellerman was further able to replicate the bug on a Pixel 6 and contacted Google to inform them. The company likewise prepared a fix and integrated it into the Android kernel.

Dirty Pipe is Not Involved in the Release of Android 12L for the Pixel 6

In addition to this, Google has confirmed that Dirty Pipe did not play a role in delaying the release of Android 12L for the Pixel 6. Due to the fact that Linux kernel version 5.8 (or above) has only been an Android option since Android 12, legacy devices aren’t affected. However, smartphones based on the Qualcomm Snapdragon 8 Gen 1, MediaTek Dimensity 8000 and Dimensity 9000, Samsung Exynos 2200, and the Google Tensor SoC are vulnerable to the Dirty Pipe flaw because of their launch kernel builds.

Read more: Google Chrome’s New Update Fixes a High-Severity Zero-Day Vulnerability

Source: Android Police 


Please enter your comment!
Please enter your name here