Security researcher and PhD student at Northwestern University, Zhenpeng Lin, discovered a serious vulnerability affecting the kernel in androiddevices such as the Pixel 6 series or Galaxy S22. The exact details of how this vulnerability works have not yet been released for security reasons, but the researcher claims that it can allow arbitrary read and write, privilege escalation, and disable protection of Linux's SELinux security feature.
Gallery
Zhenpeng Lin posted a video on Twitter purporting to show how the vulnerability on the Pixel 6 Pro was able to gain root and disable SELinux. With such tools, a hacker could do a lot of damage to a compromised device.
The latest Google Pixel 6 pwned with a 0day in kernel! Achieved arbitrary read/write to escalate privilege and disable SELinux without hijacking control flow. The bug also affects Pixel 6 Pro, other Pixels are not affected 🙂 pic.twitter.com/UsOI3ZbN3L
— Zhenpeng Lin (@Markak_) July 5, 2022
According to several details shown in the video, this attack may use some kind of memory access abuse to perform malicious activity, potentially like the recently discovered Dirty Pipe vulnerability that affected Galaxy S22, Pixel 6 and others androidova devices that were launched with the Linux kernel version 5.8 on Androidu 12. Lin also said that the new vulnerability affects all phones running Linux kernel version 5.10, which includes the current Samsung flagship series mentioned.
You could be interested in
Last year, Google paid out $8,7 million (approximately CZK 211,7 million) in rewards for discovering bugs in its system, and currently offers up to $250 (approximately CZK 6,1 million) for finding vulnerabilities at the kernel level, which is apparently this is the case. Neither Google nor Samsung have yet commented on the matter, so it's unclear at this point when the new Linux kernel exploit might be patched. However, due to the way Google's security patches work, it's possible that the relevant patch won't arrive until September. So we have no choice but to wait.
