One of the best things about the Linux kernel has always been that it is open source: anyone can fork, change, and distribute it to fit their own needs. But when it comes to security flaws that haven’t been fixed yet, that openness can be a double-edged sword.
A lot of people are working on making the Linux ecosystem more secure, but new bugs and exploits keep popping up, sometimes going unnoticed for a long time. This is as true of Android as it is of other Linux-based systems. This time, the flaw looks to be a lot worse than the last one.
Security researcher Max Kellermann went fishing in this pond and landed a nasty catch. The bug, dubbed “Dirty Pipe,” lets an attacker overwrite data in arbitrary read-only files. Although it has been fixed in the mainline Linux kernel, the bug can still be exploited for privilege escalation on any device running Linux kernel version 5.8 or newer. That includes many recent Android phones, such as the Samsung Galaxy S22 and the Google Pixel 6, which remain exposed until they receive the corresponding kernel patch from their manufacturers.
The origin of Dirty Pipe
Back in April 2021, Kellermann noticed an anomaly. It took him several more months to develop a proof of concept. The vulnerability has been given the formal name CVE-2022-0847. It allows a non-privileged user to inject and overwrite data in read-only files, even if the process is running as root. The name “Dirty Pipe” appears to be a play on the famous “Dirty COW” bug and the Linux “pipe” mechanism, which is used during exploitation.
Is Dirty Pipe a big deal for Android users?
Owners of older phones and tablets need not worry about this, because only Android 12 ships with a Linux kernel version 5.8 or above. Phones built on the Qualcomm Snapdragon 8 Gen 1, the MediaTek Dimensity 8000 and 9000, the Samsung Exynos 2200, and the Google Tensor SoC may, however, be affected by the Dirty Pipe flaw because of the kernels they launched with.
Keep in mind that Dirty Pipe is a vulnerability, not an attack in itself. The flaw does, however, allow an attacker to modify a binary used by a privileged service or to create a new user account with root privileges. By exploiting it, a malicious user-space process could gain root access on a victim’s device.
What has Google done so far to combat Dirty Pipe?
Kellermann says that last month, shortly after Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 were released, Google merged his fix into the Android kernel. That said, Android updates carrying the fix may take a while to arrive. Google’s own Pixel 6 is still at risk, although power users can mitigate the flaw by installing a patched custom kernel from a third-party source.
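As an added, defender-side illustration (not code from the article or from Kellermann), the following Python snippet maps a `uname -r` style version string to the fixed stable releases named above. The version strings in the comments and tests are constructed samples, and the status labels are my own; on Android and other vendor kernels the result is only a prompt to verify, because vendors routinely backport fixes without bumping the version number.

```python
import re

# Stable releases that shipped the CVE-2022-0847 fix, as named in the article:
# series (major, minor) -> first patch level that contains the fix.
FIXED_IN = {
    (5, 16): 11,
    (5, 15): 25,
    (5, 10): 102,
}
# The article states that kernels 5.8 and newer are affected.
FIRST_AFFECTED = (5, 8, 0)


def parse_kernel_version(uname_r: str):
    """Extract (major, minor, patch) from a `uname -r` string such as
    '5.10.101-android12-9-00005-g1234abcd' (constructed sample) or '5.15.25-generic'.
    A missing patch level (e.g. '5.8') is treated as 0."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", uname_r)
    if not m:
        raise ValueError(f"unrecognised kernel version: {uname_r!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def dirty_pipe_status(uname_r: str) -> str:
    """Classify a kernel version against the fixed releases.

    Returns one of:
      'not-affected'                 - older than 5.8
      'patched'                      - at or past the fixed release for its series,
                                       or a series newer than 5.16 (branched after the
                                       mainline fix)
      'vulnerable-unless-backported' - inside the affected range with no stable fix
                                       visible in the version number; check the vendor
                                       changelog before treating this as a verdict
    """
    major, minor, patch = parse_kernel_version(uname_r)
    if (major, minor, patch) < FIRST_AFFECTED:
        return "not-affected"
    if (major, minor) in FIXED_IN:
        return "patched" if patch >= FIXED_IN[(major, minor)] else "vulnerable-unless-backported"
    if (major, minor) > (5, 16):
        return "patched"
    # 5.8-5.9 and 5.11-5.14 are end-of-life series that never received a stable fix.
    return "vulnerable-unless-backported"


if __name__ == "__main__":
    for sample in ("5.4.0-100-generic", "5.10.101-android12-9", "5.10.102", "5.16.10"):
        print(sample, "->", dirty_pipe_status(sample))
```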
Although having more eyes on the code makes it less likely that something important is missed, the emergence of Dirty Pipe and other exploits shows that we are all still human and will make mistakes. Fragmentation plays a large part here: many of these exploits have been fixed in newer kernel releases, but many affected devices will never be able to run them.
OEMs bear much of the blame for this, and it is unlikely to change any time soon, especially in the entry-level smartphone market. We at XDA welcome the fact that people can obtain root access, but we don’t like root exploits like this one, which could be dangerous to the people who use them.