Phone

A security researcher recently discovered a new zero-day vulnerability in the Linux kernel, and it appears to put at risk even Android devices that have received the July 2022 security patch. The Google Pixel 6 was confirmed to be vulnerable, and so was the Galaxy S22 series.

In fact, the yet-to-be-named vulnerability seemingly opens an attack vector on any Android OS device that runs Linux kernel version 5.10. The vulnerability was demonstrated by Zhenpeng Lin on Twitter using the Pixel 6 and in a brief presentation titled “Cautions: A New Exploitation Method! No Pipe but as Nasty as Dirty Pipe.” (via XDA-Developers)

A fix could be coming with next month's security patch

This new vulnerability affecting Android devices running Linux kernel version 5.10 can allow an attacker to gain arbitrary read and write access, root privilege, and authority over SELinux. It was compared to the Dirty Pipe vulnerability that was addressed through recent security patches.

Fortunately, this new zero-day vulnerability doesn't allow for remote code execution (RCE). In other words, it requires user interaction, i.e., the installation of malicious apps designed to exploit this vulnerability, so it can theoretically be avoided with ease and a little bit of caution.

The security researcher has informed Google, and a security patch should be on the way. Keep in mind that the July 2022 security patch is already rolling out and doesn't fix this issue. Galaxy S22 customers will have to wait for the August-or-later security update to be completely safe from this newfound attack vector. We'll keep you posted.

Samsung Galaxy device users can check the kernel version by opening the Settings app, accessing “About phone,” and tapping “Software info.”

The latest Google Pixel 6 pwned with a 0day in kernel! Achieved arbitrary read/write to escalate privilege and disable SELinux without hijacking control flow. The bug also affects Pixel 6 Pro, other Pixels are not affected 🙂 pic.twitter.com/UsOI3ZbN3L
— Zhenpeng Lin (@Markak_) July 5, 2022

Join SamMobile’s Telegram group and subscribe to our YouTube channel to get instant news updates and in-depth reviews of Samsung devices. You can also subscribe to get updates from us on Google News and follow us on Twitter.

[modelinfo model=”SM-S908B”]
[modelinfo model=”SM-S906B”]
[modelinfo model=”SM-S901B”]

Mihai Matei - Blogger

[email protected]

First Samsung device: SGH-A800

Mihai is a blogger and column writer at SamMobile. His first Samsung phone was an A800 which took a lot of beating, and a part of him still misses the novelty of the clamshell design. In his free time, he enjoys watching shows, documentaries, and stand-up comedy; listening to music, taking walks, and occasionally playing old(er) video games.

Phone Galaxy S22 Galaxy S22 Plus Galaxy S22 Ultra Google

Samsung Galaxy S22 series threatened by a new Linux kernel vulnerability

A fix could be coming with next month's security patch

Mihai Matei - Blogger

[email protected]

First Samsung device: SGH-A800

You might also like

Is your Galaxy smartphone getting the One UI 7 update yet?

Galaxy S22 series gets the One UI 7 update

Galaxy S22+ running One UI 7 shows key AI features are missing

Samsung One UI 8 update: Eligible Galaxy phones and tablets