Google Releases Android Update to Patch Actively Exploited Vulnerability
Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year.
Tracked as CVE-2021-22600, the vulnerability is ranked "High" for severity and could be exploited by a local user to escalate privileges or deny service.
The issue relates to a double-free vulnerability residing in the Packet network protocol implementation in the Linux kernel that could cause memory corruption, potentially leading to denial-of-service or execution of arbitrary code.
Patches were released by different Linux distributions, including Debian, Red Hat, SUSE, and Ubuntu, in January 2022.
"There are indications that CVE-2021-22600 may be under limited, targeted exploitation," Google noted in its Android Security Bulletin for May 2022.
It's worth noting that the vulnerability has also been added by the U.S. Cybersecurity and Infrastructure Security Agency to its Known Exploited Vulnerabilities Catalog as of last month based on evidence of active exploitation.
News URL
https://thehackernews.com/2022/05/google-releases-android-update-to-patch.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-26 | CVE-2021-22600 | Double Free vulnerability in multiple products. A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. | 7.0 |