
‘Dirty Pipe’ vulnerability puts Android 12 phones at risk, including flagships such as Pixel 6

A vulnerability in the Linux kernel called “Dirty Pipe” puts mobile devices running Android 12 at risk. This includes flagship phones such as the Pixel 6 series and potentially the Galaxy S22 series as well. According to reports, the issue affects newer devices on Android 12; users are advised to update to the latest version of the software, including the security updates, which are released every month. It is not clear if Google’s latest security update fixes the flaw.
Due to the issue, malicious applications and software can gain root-level access to the device and use it to overwrite data on protected read-only files.
What is the Dirty Pipe flaw?
The vulnerability was named after “Dirty Cow”, a similar ‘privilege-escalation’ vulnerability that was discovered and fixed in 2016. Privilege escalation is when an application or process exploits a vulnerability to gain permissions it was never granted, such as access to the whole system. The “pipe” part of the vulnerability’s name comes from the fact that it exploits pipes, a mechanism Linux processes use to pass data to each other. Dirty Pipe is reportedly easier to exploit than Dirty Cow.
Max Kellermann, a security researcher at the German web development and hosting company CM4all, initially came across the vulnerability a year ago when one of the company’s clients raised a support ticket after finding a corrupt file on their system. The researcher discovered the flaw while investigating what had caused this file corruption. He was eventually able to reproduce the error on the Google Pixel 6 and sent a bug report to the Android Security Team.
He also sent a patch to the LKML (Linux Kernel Mailing List) after being advised to do so by multiple developers, including Linus Torvalds, the creator of the Linux kernel. Meanwhile, according to Ars Technica’s Ron Amadeo, the bug likely affects the Galaxy S22 series as well, given that it runs on the Linux 5.8 kernel, which is affected. Samsung has not yet commented on the issue.
What exactly is the ‘Dirty Pipe’ flaw? How did Kellerman discover it? 
When Kellermann first encountered the issue he could not figure out what had caused the problem and decided to manually fix the corrupt files. But after that first incident, the same issue started happening with multiple clients, and the number of corrupted files kept growing.
After probing the matter further by scanning one client’s hard disk, Kellermann found a pattern across the multiple corrupt files on the system. After eliminating all other possibilities, Kellermann arrived at an improbable conclusion: the corruption must be caused by a bug in the Linux kernel.

“The kernel is an extremely complex project developed by thousands of individuals with methods that may seem chaotic; despite this, it is extremely stable and reliable. But this time, I was convinced that it must be a kernel bug,” Kellermann notes in a company blog post.
Kellermann then set about reproducing the bug and found that his initial assumption, that it could only be exploited by a privileged process, was wrong. An attacker only needed read permission on a file to exploit it. Using this exploit, an attacker could potentially rewrite read-only files on the device that they were allowed to read, including encrypted messages, important system files and configuration information.
Google has merged Kellermann’s fix into the Android kernel and there are stable Linux releases with the same fix as well (5.16.11, 5.15.25, 5.10.102). However, it is still unclear whether the patch has been rolled out to all devices running Android 12.
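The practical question for anyone holding an Android 12 phone or a Linux box is whether their kernel falls in the affected range and below the fixed releases named above. The script below is an added example for this article, not code from the report or from Kellermann or CM4all. It assumes, beyond what the article states, that the affected range begins at Linux 5.8 (the version the article names for the Galaxy S22), that every mainline release from 5.17 onward contains the fix, and that 5.16.11, 5.15.25 and 5.10.102 are the first patched releases on their stable branches. The function names, the sample `uname -r` strings and the classification labels are all this example's own inventions.

```python
"""Kernel-version triage for the Dirty Pipe flaw.

Added example, not code from the article or from Kellermann/CM4all.
Assumptions the article does not state: the affected range starts at
Linux 5.8, every mainline release from 5.17 onward carries the fix, and the
stable releases named in the article (5.16.11, 5.15.25, 5.10.102) are the
first patched releases on their branches. Android and distribution kernels
frequently backport fixes without bumping the version string, so
"vulnerable" here means "not provably fixed by version number alone; check
the vendor's security bulletin", not "confirmed exploitable".
"""
import platform
import re
from typing import Tuple

Version = Tuple[int, int, int]

FIRST_AFFECTED: Version = (5, 8, 0)               # assumption, see docstring
FIRST_FIXED_MAINLINE: Version = (5, 17, 0)        # assumption, see docstring
FIRST_FIXED_STABLE = {                            # releases named in the article
    (5, 10): (5, 10, 102),
    (5, 15): (5, 15, 25),
    (5, 16): (5, 16, 11),
}


def parse_kernel_version(uname_r: str) -> Version:
    """Return the numeric major.minor.patch prefix of a `uname -r` string.

    Handles distro strings such as '5.10.102-1-amd64' and Android strings
    such as '5.10.43-android12-9-00001-g0123abcd' alike; everything after
    the numeric prefix is vendor decoration and is ignored.
    """
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", uname_r)
    if not m:
        raise ValueError(f"unrecognised kernel version string: {uname_r!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def dirty_pipe_status(uname_r: str) -> str:
    """Classify a kernel version as 'not-affected', 'fixed' or 'vulnerable'.

    'vulnerable' covers two cases: a patched stable branch (5.10, 5.15,
    5.16) below its fix release, and a branch inside the affected range
    (5.8, 5.9, 5.11 to 5.14) for which the article lists no fixed release.
    """
    v = parse_kernel_version(uname_r)
    if v < FIRST_AFFECTED:
        return "not-affected"
    if v >= FIRST_FIXED_MAINLINE:
        return "fixed"
    first_fixed = FIRST_FIXED_STABLE.get(v[:2])
    if first_fixed is None:
        return "vulnerable"
    return "fixed" if v >= first_fixed else "vulnerable"


def check_running_kernel() -> str:
    """Classify the kernel this script is running on; refuses to guess on non-Linux hosts."""
    if platform.system() != "Linux":
        raise RuntimeError("kernel version check only makes sense on Linux")
    return dirty_pipe_status(platform.release())


# Constructed sample `uname -r` strings for illustration; not from any real device.
SAMPLE_KERNELS = [
    "5.4.0-104-generic",                        # older than 5.8
    "5.10.43-android12-9-00001-g0123abcd",      # Android 12 style string, below the 5.10 fix
    "5.10.102-1-amd64",                         # first fixed 5.10 release
    "5.13.19-2-pve",                            # affected branch with no listed fix
    "5.16.10-arch1-1",                          # one release below the 5.16 fix
    "5.17.1-generic",                           # mainline release carrying the fix
]

if __name__ == "__main__":
    for k in SAMPLE_KERNELS:
        print(f"{k:40s} {dirty_pipe_status(k)}")
```

To triage a phone, run `adb shell uname -r` and pass the resulting string to `dirty_pipe_status`; on a Linux host, `check_running_kernel()` does the same with `platform.release()`. A "vulnerable" verdict is a prompt to look at the vendor's security bulletin rather than proof of exposure, since Google's Android kernel branch and most distributions backport the fix without changing the version number, which is exactly why the article cannot say whether a given Android 12 device is patched.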
