Déjà vu: Another serious security vulnerability discovered in Pixel 6 and Galaxy S22

2comments
Déjà vu: Another serious security vulnerability discovered in Pixel 6 and Galaxy S22
It was only in May that Google rolled out a fix for the Dirty Pipe Linux vulnerability that could have let malicious apps get full system control. Some of the best recent Android phones like the Google Pixel 6 duo, the Samsung Galaxy S22 family, and the Xiaomi 12 Pro were affected. Another serious vulnerability has now been discovered and it again puts the Pixel 6 and Galaxy S22 at risk.

Kernel security expert Zhenpeng Lin has discovered a flaw in the Pixel 6 that could give read/write privileges to bad actors and allow them to disable the Security-Enhanced Linux (SELinux) architecture that allows administrators to have more control over who can access a particular system.

The bug affects all handsets based on Linux kernel version 5.10, including the Pixel 6 Pro and the Galaxy S22 range. The list may also include other recent devices that launched with Android 12.


Lin has shown the bug in action on Twitter. Android Police reports that Google was informed about it after the video was put up on Twitter. This is unlikely to obliterate his chances of getting a payout from the Mountain View giant though because he did not disclose the full set of instructions for how the vulnerability works.

Apparently, an attacker could use some sort of memory access exploit to wreak havoc. This is similar to how the Dirty Pipe vulnerability affected the Galaxy S22 and Pixel 6 which were released with Linux Kernel versions 5.8.

Lin thinks the video is just a proof of concept and was published to warn end-users before the problem is fixed. He hasn't said what users should do to protect themselves.

Google and Samsung are yet to speak about the issue so it's hard to say when it might be patched. Android Police believes that given how things work, a fix could arrive in September. Other vendors are free to act faster and issue a fix before Google, which is what Samsung did with Dirty Pipe.
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless