Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year.
Tracked as CVE-2021-22600 (CVSS score: 7.8), the vulnerability is ranked “High” for severity and could be exploited by a local user to escalate privileges or deny service.
The issue relates to a double-free vulnerability residing in the Packet network protocol implementation in the Linux kernel that could lead to memory corruption, potentially leading to denial-of-service or execution of arbitrary code.
Patches were released by different Linux distributions, such as Debian, Red Hat, SUSE, and Ubuntu in January 2022.
“There are indications that CVE-2021-22600 may be under limited, targeted exploitation,” Google said in its Android Security Bulletin for May 2022. Specifics about the nature of the attacks are unknown as yet.
It's worth noting that the vulnerability has also been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities Catalog as of last month based on evidence of active exploitation.
Also fixed as part of this month’s patches are three other bugs in the kernel as well as 18 high-severity and one critical-severity flaw in MediaTek and Qualcomm components.
Some parts of this article are sourced from:
thehackernews.com