Google Won’t Send Dirty Cow Linux Exploit To Digital Slaughterhouse Until December

In late October, we were all alerted to the existence of the Dirty COW exploit, which has been lurking in the Linux kernel ever since 2007. Dirty COW gets its name from the fact that the exploit takes advantage of the Linux copy-on-write (COW) function.

At its core, Dirty COW is a privilege escalation exploit that has some pretty serious consequences for Linux-based operating systems, including Android. The exploit could allow an attacker to gain root access to just about any Android device (under nearly perfect conditions).


“The problem comes down to the fact that there was a logic error in the Linux kernel that said you could exercise a race condition so that before the kernel separates pages that are marked dirty, it would let you write to the original page,” wrote Red Hat Security Strategist Josh Bressers when the exploit was first publicized. “At the same time, another part of the process is writing to it. It allows you to change a file on the disk you shouldn’t be able to change.”

If you were expecting Google to swiftly release a patch to eradicate Dirty COW for its own hardware, those hopes have been dashed. Google typically releases new firmware updates for its Nexus (and now Pixel) devices on the first Monday of every month. Google issued 2016-11-05 (Complete security patch level), which contains fixes for 21 critical vulnerabilities (including a fix for the Drammer DRAM attack). Drammer specifically targeted the ION memory allocator.

As for Dirty COW, that fix has been relegated to supplementary security patch level 2016-11-06. OEMs can implement 2016-11-06 at any time at their discretion, and Samsung has already chosen to do so with select Galaxy smartphones in its November security update. Google, on the other hand, is not requiring its Android partners to fully implement the Dirty COW fix until security patch level 2016-12-01 next month. It is at that time that Google’s own Nexus and Pixel devices will also receive the fix.


Via:  Threat Post