Linux Dirty Pipe kernel bug exposes Android to potential malware vector
IfAndroidwere a car engine, and you popped the hood and poked around a bit, you’d find the label “Linux” etched on the engine block. The open-source operating system provides the starting point that Android’s built on top of, but sharing code also means sharing vulnerabilities. Now a newly discovered Linux kernel bug is raising concerns for the security of Android devices, as it leaves a door open for malware intrusion.
The glitch in question has been dubbed “Dirty Pipe” by software engineer Max Kellerman, who providesa detailed writeupabout the bug’s discovery. He first spotted some mysteriously corrupted log files last year, and his analysis of the problem revealed a kernel-level flaw that’s existed since 2020. The vulnerability lets software overwrite the system page cache, even for files where apps shouldn’t otherwise have permission. He determined that in the wrong hands the issue had potential for exploitation and alerted the team behindLinux kernel security.Properly coded malware could use this method to obtain full control of a vulnerable system by overwriting files as vital as the system’s root password.
Kellerman was also able to reproduce the bug on aPixel 6, and reached out to let Google know. The company similarly prepared a fix, and merged it into the Android kernel. Right now, it’s just a matter of OEMs needing to incorporate that fixed kernel in future device updates.
For what it’s worth, Googleconfirmed to Android Policethat Dirty Pipe didnotplay a role in delaying the release ofAndroid 12Lfor the Pixel 6. Linux users, meanwhile, need to install their distro’s most recent security updates ASAP.
The note-taking app I should have used all along
Broader branding hints at wider paid-tier ambitions
Via the Phone Link app, of course
The gimmicks phone makers keep selling us every single year
Check your order status!
It’s been an interesting journey
