Researcher finds Android zero-day vulnerability impacting Google Pixel 6, Samsung Galaxy S22, and more

Android security has come a long way in recent years. The adoption of monthly security patches has kept hundreds of threats at bay, while Google Play Protect is there to bar malware from the Play Store. However, there are still instances where rogue actors can exploit vulnerabilities hidden within Android’s code for nefarious purposes. Zhenpeng Lin, a security researcher and Northwestern University PhD student, recently discovered such a vulnerability on the Google Pixel 6, and you may be at risk even after installing the latest July 2022 security update.

The vulnerability in question affects the kernel portion of Android, allowing the attacker to gain arbitrary read and write access, root privilege, and the authority to disable SELinux. With this kind of privilege escalation, a malicious actor could tamper with the operating system, manipulate built-in security routines, and do a lot more harm.
While Lin demonstrated the exploit on the Google Pixel 6, a handful of current-gen Android devices are susceptible to this particular zero-day threat, including the Google Pixel 6 Pro and the Samsung Galaxy S22 family. In fact, the vulnerability affects every Android device running Linux kernel version 5.10. The regular Linux kernel is affected as well, according to Lin.

Notably, the precise details of the vulnerability have not been publicly released. Lin, however, is set to appear at Black Hat USA 2022 along with two other researchers, Yuhang Wu and Xinyu Xing. As per the brief of their presentation — “Cautious: A New Exploitation Method! No Pipe but as Nasty as Dirty Pipe” — the attack vector is essentially a generalized, yet more powerful, version of the infamous Dirty Pipe vulnerability. Furthermore, it can be extended to achieve container escape on Linux too.

While Google has already been informed, we have yet to see any public CVE reference for the vulnerability. Given how Google’s security patches work, we might not see this issue addressed until the September patch rolls out. The good news is that it’s not an RCE (remote code execution) that can be exploited without user interaction. In our opinion, it may make sense to hold off installing random apps from non-trusted sources until after the patch is installed.

Source: Zhenpeng Lin on Twitter, Black Hat
Via: Mishaal Rahman

About author

Skanda Hazarika
DIY enthusiast (i.e. salvager of old PC parts). An avid user of Android since the Eclair days, Skanda also likes to follow the recent development trends in the world of single-board computing.