If you recall, the Android 12 QPR3 Beta 2 that rolled out to the Pixel 6 duo in April did fix the Dirty Pipe vulnerability. However, Google didn’t mention it in the release notes. Only those who installed the beta software could see that the devices are running a newer Linux kernel version that patches the bug. This wasn’t very clever of the company though. It forced users to either install beta software or keep their devices vulnerable to the critical bug. Many users didn’t even know that the beta release patches Dirty Pipe. Thankfully, Google has now included the patch in the May security update. As spotted by 9to5Google, the latest Android Security Bulletin explicitly mentions the Common Vulnerabilities and Exposures (CVE) number CVE-2022-0847 that the company assigned to the bug in February. The publication also confirmed that the update introduces a newer Linux kernel version. It’s older than what rolled out with the Android 12 QPR3 Beta 2 but it’s new enough to be safe from the Dirty Pipe vulnerability.
Google finally patches the Dirty Pipe vulnerability on the Pixel 6
Dirty Pipe is a Linux kernel vulnerability that allows a remote attacker to gain system-level access to your device. This would enable the attacker to take full control of the device without any authorization from your end. The bug affected Android devices running Linux kernel version 5.8 or newer. These include Google’s Pixel 6 series and Samsung’s Galaxy S22 series. This vulnerability was publicly disclosed in March 2022, after it was patched at the Linux level and Google had merged the patch into the Android kernel. However, the fix didn’t roll out to any Affected Android devices in March. Samsung eventually patched it on the Galaxy S22 series with the April security update. But Google left its Pixel 6 duo vulnerable to Dirty Pipe. The Pixel 6 and 6 Pro did get the fix as part of Android 12 QPR3 Beta 2 last month. But Google’s decision of rolling out the patch with beta software and without mentioning it in the release notes was far from ideal. Thankfully, it didn’t stretch things any further. If you’re using the latest Google phones, make sure to install the May security update as soon as you can.