Google has released monthly security patches for Android with fixes for 37 flaws throughout distinctive factors, a person of which is a take care of for an actively exploited Linux kernel vulnerability that came to gentle previously this yr.
Tracked as CVE-2021-22600 (CVSS rating: 7.8), the vulnerability is rated “Substantial” for severity and could be exploited by a nearby user to escalate privileges or deny provider.
The issue relates to a double-no cost vulnerability residing in the Packet network protocol implementation in the Linux kernel that could cause memory corruption, probably primary to denial-of-company or execution of arbitrary code.
Patches ended up unveiled by diverse Linux distributions, like Debian, Pink Hat, SUSE, and Ubuntu in January 2022.
“There are indications that CVE-2021-22600 may perhaps be underneath limited, targeted exploitation,” Google noted in its Android Security Bulletin for May possibly 2022. Details about the character of the attacks are unknown as but.
It really is well worth noting that the vulnerability has also been extra by the U.S. Cybersecurity and Infrastructure Security Company (CISA) to its Identified Exploited Vulnerabilities Catalog as of very last month primarily based on evidence of active exploitation.
Also fastened as portion of this month’s patches are three other bugs in the kernel as effectively as 18 significant-severity and a single critical-severity flaw in MediaTek and Qualcomm factors.
Discovered this posting appealing? Stick to THN on Fb, Twitter and LinkedIn to browse extra special material we write-up.
Some parts of this short article are sourced from: