Kernel bug exposes Android to potential malware – Linux Dirty Pipe

If Android were a car engine, and you popped the hood and poked around a bit, you’d find the label “Linux” etched on the engine block. The open-source operating system provides the starting point that Android’s built on top of, but sharing code also means sharing vulnerabilities. Now a newly discovered Linux kernel bug is raising concerns for the security of Android devices, as it leaves a door open for malware intrusion.

The glitch in question has been dubbed “Dirty Pipe” by software engineer Max Kellerman, who provides a detailed writeup about the bug’s discovery. He first spotted some mysteriously corrupted log files last year, and his analysis of the problem revealed a kernel-level flaw that’s existed since 2020. The vulnerability lets software overwrite the system page cache, even for files where apps shouldn’t otherwise have permission. He determined that in the wrong hands the issue had potential for exploitation and alerted the team behind Linux kernel security. Properly coded malware could use this method to obtain full control of a vulnerable system by overwriting files as vital as the system’s root password.

Kellerman was also able to reproduce the bug on a Pixel 6, and reached out to let Google know. The company similarly prepared a fix, and merged it into the Android kernel. Right now, it’s just a matter of OEMs needing to incorporate that fixed kernel in future device updates.

For what it’s worth, Google confirmed to Android Police that Dirty Pipe did not play a role in delaying the release of Android 12L for the Pixel 6. Linux users, meanwhile, need to install their distro’s most recent security updates ASAP.