Critical Linux Kernel Zero-Day Flaw Affects Several Flagship Android Devices

A security expert recently disclosed a zero-day vulnerability in the Linux kernel that would allow attackers to perform a devastating series of attacks on compromised devices.
Northwestern University PhD student and kernel-focused cybersecurity expert Zhenpeng Lin announced he discovered the vulnerability on the Google Pixel 6 and mentioned it also affects the Pro version of the handset. Furthermore, Lin clarified that this vulnerability doesn’t seem to affect other versions of Google’s Pixel series.
“The latest Google Pixel 6 pwned with a 0day in kernel,” reads Lin’s tweet. “Achieved arbitrary read/write to escalate privilege and disable SELinux without hijacking control flow. The bug also affects Pixel 6 Pro, other Pixels are not affected :)”
It was also confirmed that the vulnerability affects all phones based on kernel 5.10, including Samsung Galaxy S22. To make matters worse, the general Linux kernel is also susceptible to attacks leveraging this exploit, as Lin mentioned.
Currently, there are no additional details about the zero-day other than the ones specified in the researcher’s announcement on Twitter. However, Lin’s presence at Black Hat USA 2022, along with researchers Xinyu Xing and Yuhang Wu, could shed some light on the whole situation, as XDA Developers reported.
Google was notified about the critical vulnerability but has yet to release a public CVE reference. On the bright side, exploiting the flaw requires user interaction, unlike remote code execution (RCE) vulnerabilities.
Simply avoiding installing apps originating from non-trusted sources on your device could be enough mitigation in this case. Last but not least, it’s worth mentioning that Android devices based on kernel version 5.10 could be vulnerable even after installing the latest July 2022 security update.
Using specialized tools such as Bitdefender Mobile Security can help you achieve peace of mind with features like:
- Protection against link-based mobile scams
- Keeping your online identity safe with its VPN component
- Allowing you to locate, lock, and wipe your Android device remotely, if needed
- Email account breach notification
- Malware scanner
- App lock to prevent intrusions on your settings or private files
tags
Author
Right now
Top posts
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns
January 19, 2023
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps
November 29, 2022
How to monitor your online privacy during your Thanksgiving trip
November 22, 2022
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info
November 16, 2022
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be
November 14, 2022