Android’s Could safety replace is out, and which means the Pixel 6 is lastly getting a patch for the Soiled Pipe vulnerability. The replace comes one month after Samsung shipped Google’s patch to the Galaxy S22, however not less than it is lastly arriving.
Soiled Pipe, aka CVE-2022-0847, is likely one of the largest Linux vulnerabilities to return round lately. The vulnerability lets an unprivileged consumer overwrite knowledge that’s imagined to be read-only, which may result in further privilege escalation. Android really has a working demo of this. Twitter consumer @Fire30_ demoed utilizing the bug to root a Pixel 6. Linux units working 5.8 and up are affected, and after the vulnerability was found on February 19, patches for PC distributions of Linux began rolling out after 17 days.
Android has been a distinct story, although. First, not that many units run Linux kernel 5.8 but. Regardless of that model releasing in August 2020, Android solely jumped from 5.4 to five.10 with the discharge of Android 12 in November. Since current units sometimes do not soar main kernel variations once they get an Android replace, which means solely new units coming with Android 12 have kernel 5.10. That is a really small variety of new units that launched prior to now eight months or so—specifically the Pixel 6, Galaxy S22, and OnePlus 10 Professional.
In response to the researcher who found the flaw, Google fastened Soiled Pipe within the Android codebase on February 23. Samsung took that code from Google and rolled it out to the Galaxy S22 final month, however Google ended up ready an entire additional month, and it is lastly arriving to Pixel 6 customers this week. OnePlus remains to be a laggard.
Google categorizes Soiled Pipe as solely “excessive” severity, which explains why the corporate hasn’t rapidly pushed out an replace. Soiled Pipe would not hit the extent of a “crucial” vulnerability on Android as a result of it isn’t remotely exploitable. You have to have native entry to make use of the exploit, and so long as there aren’t any different identified vulnerabilities, you ought to be secure for those who do not set up something malicious.
In different Android replace information, the tip of the road for the midrange Pixel 3a is in sight. With three years of main OS updates, Could 2022 marks the Pixel 3a’s final formally promised OS launch. Google informed 9to5Google that the gadget would get one remaining replace by July 2022.