One of the strongest points of the Linux kernel has primarily been its open source nature, which allows stakeholders to fork, modify and redistribute it in a way that suits their particular needs. But this very advantage of being open source acts like a double-edged sword when it comes to the existence of unpatched security vulnerabilities and corresponding exploitable scenarios. While developers and big-name OEMs are hard at work enhancing the overall security of the Linux ecosystem (which also includes Android), new vulnerabilities and exploits keep popping up and slipping under the radar. The mistake this time seems to be quite serious, unfortunately.
The newest bad fish in the pond was discovered by security researcher Max Kellermann. Nicknamed Dirty Pipe, the vulnerability allows overwriting data in arbitrary read-only files. Although it has already been patched in the mainline Linux kernel, the bug could potentially be weaponized in the form of a privilege-escalation exploit on every device out there running Linux kernel version 5.8 or newer. It also means that a bunch of newly released Android smartphones, such as the Samsung Galaxy S22 and the Google Pixel 6, are vulnerable as well, until each device receives the appropriate kernel patch from the respective OEM.
The origin of Dirty Pipe
Kellermann stumbled upon the anomaly back in April 2021, but it took him another few months to come up with a proof-of-concept exploit. Formally cataloged as CVE-2022-0847, the vulnerability allows a non-privileged user to inject and overwrite data in read-only files, including SUID programs that run as root. The colloquial moniker seems to be a play on the infamous Dirty Cow bug and the Linux pipe mechanism for inter-process message passing, since the latter is used during the exploitation routine.
How serious is Dirty Pipe for Android users?
Because Linux kernel version 5.8 (or above) has only been an Android option since Android 12, legacy devices aren’t affected. However, smartphones based on the Qualcomm Snapdragon 8 Gen 1, MediaTek Dimensity 8000 and Dimensity 9000, Samsung Exynos 2200, and the Google Tensor SoC are vulnerable to the Dirty Pipe flaw because of their launch kernel builds.
Keep in mind that Dirty Pipe in itself is not an exploit, but rather a vulnerability. However, this vulnerability allows for modifying a binary used by a privileged service or creating a new user account with root privileges. By exploiting this vulnerability, a malicious user space process can technically have unfettered root access on a victim’s device.
What has Google done so far to combat Dirty Pipe?
According to Kellermann, Google merged his bug fix with the Android kernel last month, just after it was fixed with the release of Linux kernel versions 5.16.11, 5.15.25, and 5.10.102. Having said that, we will probably need to wait a bit before OEMs start rolling out Android updates containing the fix. Google’s in-house Pixel 6, for example, is still vulnerable, but power users can mitigate the flaw by installing an aftermarket patched custom kernel as a fallback option.
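As an added example (not from the article or from Kellermann's write-up), the following Python triages kernel release strings, as printed by `uname -r`, against the version boundaries given above. The function names and sample strings are constructed for illustration, and treating 5.17 and later as fixed is an assumption based on the fix being in mainline.

```python
import re

# Fixed stable releases named in the article, keyed by (major, minor) branch.
FIXED_PATCH = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
FIRST_AFFECTED = (5, 8)          # article: kernel 5.8 or newer is affected
# Assumption (not stated in the article): 5.17+ inherits the mainline fix.
FIRST_MAINLINE_FIXED = (5, 17)


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string.

    Vendor suffixes such as "-android12-9-..." or "-generic" are ignored.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(release):
    """Classify a release as 'not-affected', 'vulnerable' or 'fixed'."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "not-affected"
    if branch >= FIRST_MAINLINE_FIXED:
        return "fixed"
    if branch in FIXED_PATCH:
        return "fixed" if patch >= FIXED_PATCH[branch] else "vulnerable"
    # 5.8-5.14 branches other than 5.10: no fixed release is listed above.
    return "vulnerable"


if __name__ == "__main__":
    # Constructed sample strings, not taken from real devices.
    samples = [
        "4.19.191-perf",
        "5.10.43-android12-9-00001-gabcdef",
        "5.10.102",
        "5.15.24",
        "5.16.11-arch1-1",
        "5.13.0-30-generic",
    ]
    for s in samples:
        print(f"{s:40} {dirty_pipe_status(s)}")
```

The version string is only a first-pass signal: vendors can backport the fix without changing the upstream version number, so a "vulnerable" result should be confirmed against the OEM's or distribution's security bulletin.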