Google has released the second installment of the May Android security patch, which includes a repair for a widely exploited Linux kernel flaw.
The vulnerability, dubbed CVE-2021-22600, is a privilege escalation weakness in the Linux kernel that threat actors can take advantage of with local access. Because Android runs on a modified Linux kernel, the flaw affects the entire operating system.
In January, Google researchers revealed the Linux vulnerability, as well as a solution that was responsibly shared to Linux makers. However, fixing this vulnerability in Google's own Android operating system took several months.
CISA announced in April that this vulnerability was being actively exploited in attacks and that it had been included to its 'Known Exploited Vulnerabilities Catalog.' Google admits that "CVE-2021-22600 may be under restricted, focused exploitation" in the May Android security advisory.
It's unclear how the vulnerability is being used in attacks, but it's most certainly being used to execute privileged instructions and spread across corporate Linux computers.
Recent Android versions (10, 11, 12, 13) have added increasingly stricter security features, making it difficult for malware to obtain the permissions required for sophisticated functionalities. As a result, exploiting weaknesses after infection to achieve elevated access isn't out of the question.
A second possible application for this vulnerability is device rooting tools, which users install and activate themselves to get root access on their devices.
Here's a rundown of other fixes made this month:
It's worth noting that the fix for CVE-2021-22600, as well as all other third-party vendor fixes, is available on the 2022-05-05 security patch level, not the initial security patch level published on May 1, 2022.
Regardless, all of these improvements will be included in the next month's first security patch level, which will be delivered on June 1, 2022.
This security patch does not apply to devices running Android 9 or older, and you should upgrade to a more recent Android OS version for security reasons.
Additional Google Pixel device patches were released this month, with one of them affecting just the most recent Pixel 6 Pro models that employ the Titan-M processor.
CVE-2022-20120, a major remote execution vulnerability affecting the bootloader, and CVE-2022-20117, a critical information disclosure flaw on Titan-M, are the two most interesting.