Pixel 6 finally getting a Dirty Pipe patch, one month after the Galaxy S22 | TechBuzz

- Advertisement -


Promotional image of cutting-edge smartphone.
Enlarge / The Pixel 6 Pro.


Android’s May security update is out, and that means the Pixel 6 is finally getting a patch for the Dirty Pipe vulnerability. The update comes one month after Samsung shipped Google’s patch to the Galaxy S22, but at least it’s finally arriving.

Dirty Pipe, aka CVE-2022-0847, is one of the biggest Linux vulnerabilities to come around in recent years. The vulnerability lets an unprivileged user overwrite data that is supposed to be read-only, which can lead to additional privilege escalation. Android actually has a working demo of this. Twitter user @Fire30_ demoed using the bug to root a Pixel 6. Linux devices running 5.8 and up are affected, and after the vulnerability was discovered on February 19, patches for PC distributions of Linux started rolling out after 17 days.

- Advertisement -

Android has been a different story, though. First, not that many devices run Linux kernel 5.8 yet. Despite that version releasing in August 2020, Android only jumped from 5.4 to 5.10 with the release of Android 12 in November. Since existing devices typically don’t jump major kernel versions when they get an Android update, that means only new devices coming with Android 12 have kernel 5.10. That’s a very small number of brand-new devices that launched in the past eight months or so—namely the Pixel 6, Galaxy S22, and OnePlus 10 Pro.

According to the researcher who discovered the flaw, Google fixed Dirty Pipe in the Android codebase on February 23. Samsung took that code from Google and rolled it out to the Galaxy S22 last month, but Google ended up waiting a whole extra month, and it’s finally arriving to Pixel 6 users this week. OnePlus is still a laggard.

The Pixel 3a, Google's first midrange Pixel phone, will soon be dead.
Enlarge / The Pixel 3a, Google’s first midrange Pixel phone, will soon be dead.

Google

- Advertisement -

Google categorizes Dirty Pipe as only “high” severity, which explains why the company hasn’t quickly pushed out an update. Dirty Pipe doesn’t hit the level of a “critical” vulnerability on Android because it’s not remotely exploitable. You need to have local access to use the exploit, and as long as there are no other known vulnerabilities, you should be safe if you don’t install anything malicious.

In other Android update news, the end of the line for the midrange Pixel 3a is in sight. With three years of major OS updates, May 2022 marks the Pixel 3a’s last officially promised OS release. Google told 9to5Google that the device would get one final update by July 2022.



Source link

- Advertisement -
Adminhttp://techbuzz.asia
I am admin of techbuzz.asia blog & I provide tech-related news. As a part of my hobby, I make content related to technology and gadgets reviews too. I love to be a content creator apart from it, I am a full-time employee in an MNC company and manage blogs systematically. You can mail me at [email protected]

More from author

Related posts

Advertisment

Latest posts

Xiaomi Mega Bundle: Redmi Note 11, Earbuds & 10 GB for less than €13/month | TechBuzz

Are you looking for a powerful smartphone including a tariff at a reasonable price? In the Curved Shop you can get the Xiaomi...

WWDC: macOS Alcatraz? | TechBuzz

The name macOS Alcatraz was, of course, just a joking name for Apple's next operating system. Nevertheless, in this issue we also speculated about...

Windows 11 version 22H2 – a new major update coming to us in the second half of the year | TechBuzz

Microsoft is currently working intensively on a new version of Windows known as 22H2 version and codenamed Sun Valley 2. This is the...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!