An extremely serious Linux kernel vulnerability known as "Dirty Pipe" affects the Google Pixel 6, Samsung Galaxy S22, and several other new Android 12 smartphones. Malicious software can use this flaw to gain system-level access and rewrite data in read-only files on the system. The problem was first discovered in the Linux kernel and was later reproduced on the Pixel 6 by a security researcher. Google was also notified so that it could roll out a patched system update.
The 'Dirty Pipe' vulnerability was discovered by security researcher Max Kellermann of the German web development company CM4all. Shortly after Kellermann publicly disclosed it this week, other researchers were able to outline the effect of the security flaw, which has been labeled CVE-2022-0847. According to Kellermann, the problem has been present in the Linux kernel since version 5.8; it was addressed in Linux 5.16.11, 5.15.25, and 5.10.102.
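As a quick triage aid, the added example below (not code from Kellermann or Google) classifies a `uname -r` string against the versions named above. It assumes upstream version numbers only: vendor and Android kernels can backport the fix without changing the version, series between 5.8 and 5.16 with no fixed release named here are treated as affected, and series after 5.16 are treated as fixed.

```python
import platform
import re

# Versions from the article: bug present since 5.8; fixed in these stable releases.
INTRODUCED = (5, 8)
FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string, or None."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release):
    """Classify a kernel release by upstream version number only (heuristic)."""
    ver = parse_release(release)
    if ver is None:
        return "unknown"
    series, patch = ver[:2], ver[2]
    if series < INTRODUCED:
        return "not affected"
    if series in FIXED:
        return "fixed" if patch >= FIXED[series] else "affected"
    if series > max(FIXED):
        return "fixed"  # assumption: series after 5.16 carry the fix
    # Assumption: 5.8-5.9 and 5.11-5.14 are in the affected range and
    # the article names no fixed release for them.
    return "affected"


if __name__ == "__main__":
    # Constructed sample strings; the last one is the running kernel.
    samples = ["5.10.43-android12-9-00001-gabc", "5.15.0-25-generic",
               "5.16.11-arch1-1", "4.19.191", platform.release()]
    for rel in samples:
        print(f"{rel:40s} {dirty_pipe_status(rel)}")
```

A distribution string such as `5.15.0-25-generic` is reported as affected because the `-25` is a package revision, not the upstream patch level; confirm against the vendor's advisory before acting on the result.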
It's comparable to the 'Dirty COW' issue, but the researcher claims it's easier to exploit. The vulnerability known as 'Dirty COW' affected Linux kernel versions prior to 2018. It also affected Android users; Google addressed the problem in December 2016 with a security patch. An attacker who takes advantage of the 'Dirty Pipe' vulnerability on a Linux system can erase data in read-only files.
By gaining backdoor access, attackers may be able to create unauthorised user accounts and modify scripts and binaries. If the device is vulnerable, the researcher added, the issue might be leveraged to gain complete root access. This implies that malicious software could read and alter encrypted WhatsApp communications, collect validation SMS messages, impersonate users on random websites, and even remotely control any banking applications installed on the smartphone to steal money.
Kellermann was able to reproduce the flaw on the Google Pixel 6 and informed the Android security team about it in February. Shortly after receiving the researcher's report, Google incorporated the fix into the Android kernel. It's unclear whether the March security patch, which was published earlier this week, corrected the flaw.