CATEGORIES
home News

Google Won’t Send Dirty Cow Linux Exploit To Digital Slaughterhouse Until December

by Brandon HillWednesday, November 09, 2016, 11:10 AM EDT
In late October, we were all alerted to the existence of the Dirty COW exploit, which has been lurking in the Linux kernel ever since 2007. Dirty COW gets its name from the fact that the exploit takes advantage of the Linux copy-on-write (COW) function.

At its core, Dirty COW is a privilege escalation exploit that has some pretty serious consequences for Linux-based operating systems, including Android. The exploit could allow an attacker to gain root access to just about any Android device (under nearly perfect conditions).

dirty COW

“The problem comes down to the fact that there was a logic error in the Linux kernel that said you could exercise a race condition so that before the kernel separates pages that are marked dirty, it would let you write to the original page,” wrote Red Hat Security Strategist Josh Bressers when the exploit was first publicized. “At the same time, another part of the process is writing to it. It allows you to change a file on the disk you shouldn’t be able to change.”

If you were expecting for Google to swiftly release a patch to eradicate Dirty COW for its own hardware, those hopes have been dashed. Google typically releases new firmware updates for its Nexus (and now Pixel) devices on the first Monday of every month. Google issued 2016-11-05 (Complete security patch level), which contains fixes for 21 critical vulnerabilities  (including a fix for Drammer DRAM attack). Drammer specifically targeted the ION memory allocator.

As for Dirty COW, that fix has been relegated to supplementary security patch level 2016-11-06. OEMs at their discretion can implement 2016-11-06 at any time, and Samsung has already chosen to do so with select Galaxy smartphones in its November security update. Google, on the other hand, is not requiring its Android partners to fully implement the Dirty COW fix until security patch level 2016-12-01 next month. It is at the time that Google’s own Nexus and Pixel devices will also receive the fix.

Tags:  Android, Linux, Google, (nasdaq:goog), dirty cow
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment