PSA: Dirty Pipe, the Linux kernel root vulnerability, can be abused on the Samsung Galaxy S22 and Google Pixel 6 Pro
What happens when a Linux privilege-escalation vulnerability that also affects Android gets disclosed publicly? You got it! Security researchers and Android enthusiasts around the world try to take advantage of the newly found problem to create an exploit, which can be used to gain advanced access to your device (such as root or the ability to flash custom images). On the other hand, device makers and a few determined third-party developers quickly take the responsibility to patch the backdoor as soon as possible.
This is exactly what happened to CVE-2022-0847, a vulnerability dubbed “Dirty Pipe” in Linux kernel version 5.8 and later. We talked about the exploit in detail last week but didn’t explicitly cover the potential abusing scenarios on Android. Now, XDA Member Fire30 has demonstrated an exploit implementation around the kernel flaw that can give the attacker a root shell on the Samsung Galaxy S22 and the Google Pixel 6 Pro.
Dirty Pipe -> kernel r/w+selinux disabled+root shell on Pixel 6 Pro and Sasmsung S22 latest update 🙂 pic.twitter.com/WwhwjLyU5q
— Fire30 (@Fire30_) March 14, 2022
The key point here is that you don’t need any kind of unlocking or other trickery to make it work – the Dirty Pipe exploit allows the attacker to gain root-level access on the target device through a reverse shell via a specially crafted rogue app. At the time of writing, flagships like the Google Pixel 6 Pro and the Samsung Galaxy S22 are vulnerable to the attack vector even on their latest software releases, which shows the exploit’s potential. Since it can also set SELinux to permissive, there is virtually no hurdle against unauthorized control over the device.
From the perspective of the Android modding scene, Dirty Pipe might be useful to gain temporary root access on otherwise difficult-to-root Android smartphones, e.g., some regional Snapdragon variants of the Samsung Galaxy flagships. However, the window won’t last long as the vulnerability has already been patched in the mainline Linux kernel, and OEMs will probably roll out the fix as part of the upcoming monthly security updates. Nonetheless, stay away from installing apps from random sources for the time being to protect yourself. In the meantime, we expect that Google will push an update to the Play Protect to prevent the vulnerability from being exploited via rogue apps.