'Dirty Pipe' Bug Putting Flagship Android 12 Devices At Risk; Google Pixel 6, Samsung S22 Series Affected

A highly serious Linux kernel vulnerability known as "Dirty Pipe" is affecting the Google Pixel 6, Samsung Galaxy S22, and several other new Android 12 devices. Malicious software can use this flaw- 'Dirty Pipe' bug to get system-level access and alter data in read-only files on the system.

The vulnerability was first discovered in the Linux kernel and was later replicated on Pixel 6 by a security researcher. Google was also made aware of its presence in order to roll out a patched system upgrade.

How is 'Dirty Pipe' Bug Incorporated?

The 'Dirty Pipe' vulnerability was discovered by security researcher Max Kellermann of the German Web development company CM4all. Other researchers were able to outline the consequences of the security flaw, which has been labelled CVE-2022-0847, shortly after Kellermann officially exposed the bug this week.

According to Kellermann, the problem has been present in the Linux kernel from version 5.8; however it was addressed in Linux 5.16.11, 5.15.25, and 5.10.102. It's comparable to the 'Dirty COW' vulnerability, but the researcher claims it's easier to exploit. The vulnerability known as 'Dirty COW' affected Linux kernel versions prior to 2018. It also affected Android users, though Google addressed the flaw in December 2016 with a security patch.

An intruder can get access to read-only files on the Linux system by leveraging the 'Dirty Pipe' vulnerability. By getting backdoor access, hackers may be able to generate unauthorised user accounts, change scripts, and binaries.Considering Android is based on the Linux kernel, the flaw has the power to affect smartphone users as well.

However, it is currently limited, due to the fact that most Android deployments do not use the Linux kernel versions impacted by the bug.

'Dirty Pipe' Bug Vulnerability Consequences

The researcher revealed that if the device was susceptible, the 'Dirty Pipe' bug might be used to get full root access. This implies software may read and modify encrypted WhatsApp communications, intercept validation SMS messages, simulate users on unauthorized websites, and even remotely control any banking apps installed on the smartphone to steal money.

Kellermann was able to duplicate the flaw on the Google Pixel 6 and informed the Android security team about it in February. Shortly after receiving the researcher's report, Google incorporated the issue patch into the Android kernel. It's unclear whether the flaw was resolved in the March security patch, which was originally released this week.

According to Ron Amadeo of Ars Technica, the flaw affects the Samsung Galaxy S22 devices in addition to the Pixel 6. Due to the 'Dirty Pipe' issue, several other devices running Android 12 out-of-the-box are expected to be vulnerable to assaults.

It is strongly recommended that users should not download programmes from untrusted sites. It's also suggested to stay away from untrustworthy apps and games, and make sure your device is up to date with security fixes to avoid any such bug enter the device.