Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year.
Tracked as CVE-2021-22600 (CVSS score: 7.8), the vulnerability is rated “High” in severity and could be exploited by a local user to escalate privileges or deny service.
The issue relates to a double-free vulnerability residing in the Packet network protocol implementation in the Linux kernel that could cause memory corruption, potentially leading to denial-of-service or execution of arbitrary code.
“There are indications that CVE-2021-22600 may be under limited, targeted exploitation,” Google noted in its Android Security Bulletin for May 2022. Specifics about the nature of the attacks are unknown as yet.
It’s worth noting that the vulnerability has also been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities Catalog as of last month based on evidence of active exploitation.
Also fixed as part of this month’s patches are three other bugs in the kernel as well as 18 high-severity and one critical-severity flaw in MediaTek and Qualcomm components.