Google has released its monthly security patches for Android, with fixes for 37 vulnerabilities across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that was made public earlier this year.
Tracked as CVE-2021-22600 (CVSS score: 7.8), the vulnerability is rated “High” in severity and could be exploited by a local user to escalate privileges or cause a denial of service.
The issue is a double-free vulnerability in the Linux kernel's implementation of the Packet networking protocol that could cause memory corruption, potentially leading to denial of service or arbitrary code execution.
Patches were released by various Linux distributions, including Debian, Red Hat, SUSE, and Ubuntu in December 2021 and January 2022.
“There are indications that CVE-2021-22600 could be subject to a limited, targeted exploit,” Google notes in its May 2022 Android Security Bulletin.
The vulnerability was also added to the Known Exploited Vulnerabilities Catalog by the US Cybersecurity and Infrastructure Security Agency (CISA) last month, based on evidence of active exploitation.
Also fixed as part of this month’s patches are three other bugs in the kernel, as well as 18 high-severity vulnerabilities and one critical vulnerability in MediaTek and Qualcomm components.