Security researcher Zhenpeng Lin discovered a new “zero-day” vulnerability. Linux kernel It can cause problems even on Android devices that received the July 2022 security patch. Some specific devices that may suffer from this lack of protection, pixel 6 of the Google and the entire range of smartphones Samsung Galaxy S22.
It seems that this vulnerability affects part of the Android kernel and opens an attack vector on any Android OS device running the Android OS. Linux kernel version 5.10. According to Lin, the normal Linux kernel is also affected.
If one were to take advantage of it, they could have arbitrary read and write access, root privilege, and authority over SELinux. This allows tamper with the operating systemmanage built-in security routines, among other things.
The attack vector may be a stronger generalized version of the vulnerability. dirty pipe.
The latest Google Pixel 6 is pwned with 0day at the core! Achieved random read/write to escalate privilege and disable SELinux without missing control flow. The bug also affects Pixel 6 Pro, other Pixels are not affected 🙂 pic.twitter.com/UsOI3ZbN3L
— Zhenpeng Lin (@Markak_) July 5, 2022
The “less bad” part of discovery is that this vulnerability does not allow. remote code execution (RCE)can be discovered without user interaction. This means that the device owner must install a malicious app before the vulnerability can be exploited.
Details were not made public. Zhenpeng Lin has already informed Google about this Linux kernel issue. The July 2022 security patch won’t fix this loophole, but a fix should come with the August or September security patch.
-
Rear camera: 50 MP (f/1.8, 24mm, 1/1.57″, 1.0µm) + 10 MP (f/2.4, 70mm (telephoto), 1/3.94″, 1.0µm) + 12 MP (f/2.2, 13mm, 120˚) , 1/2.55″ 1.4µm)
-
Front camera: 10 MP (f/2.2, 26mm, 1/3.24″, 1.22µm)
-
Video: 4K@30/60fps, 1080p@30fps
Source: Tec Mundo
