Dirty Pipe …. Fixed or Not Fixed

Maljunulo

This annoys me enough to start a thread.

Why can’t/won’t Google answer the straightforward question:

“Does the April 2022 security patch fix Dirty Pipe, or does it not fix Dirty Pipe?”

The question seems to permit a simple, straightforward, unequivocal answer, “Yes, it does/No, it does not.”
 
I have Kernel version 5.10.6 so that should settle whether or not I am vulnerable.

The article cited is somewhat less than reassuring.
 
These news articles really need to clarify what they mean by being vulnerable. Android is quite secure and you basically have to be trying to actually get infected, i.e., snooping around places on the web you should be and installing random apps thinking you're getting paid content for free. A person that can't swim is vulnerable to drowning, but only if they go near the water. If they stay on land, the risk is basically zero. Same with Android: don't go near the water if you don't want to drown.

An interesting and very good point.

“These articles” really need to clarify many things. Precision of thought and language is not their strong point.
 
Generally, I ignore them, but I figure if it merits an official patch it must be significant.

Any security vulnerability should be patched, but that's just good business practice. The severity of the vulnerability can play into prioritization, but we would be hard pressed to find such a case that should make us want to be so concerned. I can only think of one time where we even came close to that line.

A researcher found a vulnerability that could allow an attacker to send malware via SMS in such a way that the user wouldn't know a text came in, and it allowed data harvesting if I'm not mistaken. It's been several years, so the details are a little fuzzy. In that case, the exploit was discovered initially by the researcher, who responsibly reported it to Google. The patch was issued prior to public release of the info (you may recall many people reporting getting a surprise OS/security update well outside their phone's update period; this was why), and I don't think the exploit was ever discovered in an actual attack.
 
