A vulnerability was found in the pixel 6 and Galaxy S22 models kernel. The flaw, discovered by researcher Zhenpeng Lin, allows you to disable SELinux security protections, enabling data reading/writing and ensuring access to protected system functions. The problem may also affect other Android devices with Linux 5.10 kernel versions.
Zhenpeng did not reveal many technical details about how the vulnerability worked, but shared a video on Twitter running it on a Pixel 6 Pro. In it, the researcher can disable SELinux protections to gain access to secure system layers.
Based on the video, which shows some kind of script or scanning process, it appears that a hacker can identify and exploit a portion of the device’s memory. The researcher states that the error affects smartphones with Linux kernel 5.10, including the Galaxy S22 line, Pixel 6 and other devices released with Android 12.
According to Android Police, until last Tuesday night (5), Google had not yet been informed about the vulnerability, but Zhenpeng said he would be preparing a full report to send the company containing the necessary details.
However, considering how Google security packages are built and released, it is possible that this issue will be resolved only in the September update.
To find out if your phone is at risk, simply check the kernel version by going to the settings menu. On most devices, this information can be found in the “About the phone” section or just by typing “kernel” in the search bar.
Finding vulnerabilities is a profitable business
The fact that the researcher did not disclose details about the vulnerability is not unusual. In fact, many only do this when attempts to contact the companies involved do not generate results.
There is a reason for this “secret”: public disclosure can affect the payment of bug rewards. Last year, Google distributed $8.7 million to researchers. Currently, the company says it pays up to $250,000 for kernel vulnerabilities.
Therefore, if the failure is confirmed, in addition to helping the safety of many users, Zhenpeng can raise a significant amount of money.