One of the strongest points of the Linux kernel has always been its open source nature, which allows stakeholders to fork, modify and redistribute it in a way that suits their particular needs. But this very advantage acts like a double-edged sword when it comes to unpatched security vulnerabilities and the exploitable scenarios they create. While developers and big-name OEMs are hard at work enhancing the overall security of the Linux ecosystem (which also includes Android), new vulnerabilities and exploits keep popping up and slipping under the radar. The mistake this time seems to be quite serious, unfortunately.
The newest bad fish in the pond was discovered by security researcher Max Kellermann. Nicknamed Dirty Pipe, the vulnerability allows overwriting data in arbitrary read-only files. Although it has already been patched in the mainline Linux kernel, the bug could potentially be weaponized as a privilege-escalation exploit on every device out there running Linux kernel version 5.8 or newer. It also means that a number of newly released Android smartphones, such as the Samsung Galaxy S22 and the Google Pixel 6, are vulnerable as well, until each device receives the appropriate kernel patch from its OEM.
The origin of Dirty Pipe
Kellermann stumbled upon the anomaly back in April 2021, but it took him another few months to come up with a proof-of-concept exploit. Formally cataloged as CVE-2022-0847, the vulnerability allows a non-privileged user to inject and overwrite data in read-only files, including the binaries of SUID programs that run as root. The colloquial moniker seems to be a play on the infamous Dirty Cow bug and the Linux pipe, the kernel's inter-process message-passing mechanism, since the latter is used during the exploitation routine.
How serious is Dirty Pipe for Android users?
Because Linux kernel version 5.8 (or above) has only been an Android option since Android 12, legacy devices aren't affected. However, smartphones based on the Qualcomm Snapdragon 8 Gen 1, MediaTek Dimensity 8000 and Dimensity 9000, Samsung Exynos 2200, and the Google Tensor SoC are vulnerable to the Dirty Pipe flaw because of the kernel builds they launched with.
Keep in mind that Dirty Pipe in itself is not an exploit, but rather a vulnerability. However, this vulnerability allows a local attacker to modify a binary used by a privileged service or to create a new user account with root privileges. By exploiting it, a malicious user-space process can in practice gain unfettered root access on a victim's device.
What has Google done so far to combat Dirty Pipe?
According to Kellermann, Google merged his bug fix into the Android kernel last month, just after it was fixed upstream with the release of Linux kernel versions 5.16.11, 5.15.25, and 5.10.102. Having said that, we will probably need to wait a bit before OEMs start rolling out Android updates containing the fix. Google's in-house Pixel 6, for example, is still vulnerable, but power users can mitigate the flaw by installing an aftermarket patched custom kernel as a fallback option.
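The affected range described above (5.8 or newer, fixed in 5.10.102, 5.15.25 and 5.16.11) can be turned into a quick triage check for a fleet of Linux or Android hosts. The following script is an added example written for this article, not code from Kellermann or from any kernel project. It parses the `uname -r` style release string, compares it against the fix levels the article lists, and treats 5.17 and later as fixed (an assumption here, based on the article's statement that mainline is patched; the 5.17 cut-off is not stated on the page). Note the caveat: Android and vendor kernels routinely backport fixes without bumping the version number, so a version-only check can flag a device as affected when it has in fact been patched. Treat "affected" as "needs confirmation", never as proof of exposure, and "not affected" as reliable only for version numbers past the fix.

```python
import platform
import re
from typing import Tuple

# Stable branches that shipped the Dirty Pipe (CVE-2022-0847) fix, per the
# article: 5.10.102, 5.15.25 and 5.16.11. A kernel on one of these branches
# is considered fixed once its patch level reaches the listed value.
FIXED_PATCH_LEVEL = {
    (5, 10): 102,
    (5, 15): 25,
    (5, 16): 11,
}

# First affected release (article: "5.8 or newer").
FIRST_AFFECTED = (5, 8)

# ASSUMPTION (not from the article): mainline 5.17 and later carry the fix.
# The article only says the bug is patched in mainline.
FIRST_FIXED_MAINLINE = (5, 17)

# Leading "major.minor[.patch]"; everything after (e.g. "-android12-9-g1234",
# "-generic", "-rc1") is ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(release: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a uname -r style string."""
    m = _VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_version_affected(release: str) -> bool:
    """Return True if the version number alone places this kernel inside the
    CVE-2022-0847 affected range. Backported fixes are NOT detectable this
    way, so True means 'verify further', not 'confirmed vulnerable'."""
    major, minor, patch = parse_kernel_version(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return False  # bug was introduced in 5.8
    if branch in FIXED_PATCH_LEVEL:
        return patch < FIXED_PATCH_LEVEL[branch]
    if branch >= FIRST_FIXED_MAINLINE:
        return False  # assumed fixed in mainline (see note above)
    # 5.8, 5.9 and 5.11-5.14: inside the range, and the article lists no
    # stable fix release for these branches.
    return True


def triage(release: str) -> str:
    """Human-readable verdict for one release string."""
    if is_version_affected(release):
        return f"{release}: version in affected range, confirm patch status"
    return f"{release}: version outside affected range"


if __name__ == "__main__":
    # Constructed sample release strings, plus the running kernel if on Linux.
    samples = [
        "5.4.0-generic",                       # pre-5.8, not affected
        "5.10.101-android12-9-00001-gabcdef",  # below 5.10.102
        "5.10.102",                            # at the fix level
        "5.13.19",                             # EOL branch, no fix listed
        "5.16.11",
        "5.17.0",
    ]
    if platform.system() == "Linux":
        samples.append(platform.release())
    for s in samples:
        print(triage(s))
```

Run on a host, the script prints a verdict for each constructed sample and then for the running kernel. For Android devices, pair the version check with confirmation from the OEM's security bulletin or the kernel's commit log, since the Pixel 6 case in the article shows a device can remain unpatched while its kernel string looks like any other 5.10 build.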