Google addresses actively exploited Android flaw in the kernel

by certadmin

Google released the May security bulletin for Android, 2022-05-05 security patch level, which fixed an actively exploited Linux kernel flaw.

Google has released the second part of the May Security Bulletin for Android, which includes a fix for an actively exploited Linux kernel vulnerability tracked as CVE-2021-22600.

The CVE-2021-22600 is a privilege escalation issue that resides in the Linux kernel, an attacker can trigger it via local access. In April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities Catalog.

Google disclosed the flaw in January, but it was addressed for Android OS only this month.

“There are indications that CVE-2021-22600 may be under limited, targeted exploitation” reads the bulletin published by Google.

The company did not disclose the details of the attacks exploiting this flaw.

The bulletin addressed five flaws in Framework, eight in the System, four in the Kernel components, three in the MediaTek components, five in the Qualconm Components, end eleven in the Qualcomm closed-source components.


To read the original article:

https://securityaffairs.co/wordpress/130960/security/android-actively-exploited-flaw.html

Top

Interdit de copier  ce contenu