Android is yet to receive a security fix for the recently discovered race condition that is infamous as ‘Dirty Cow’. The severe vulnerability was found last month and the Linux kernel for desktop distributions has already been patched with the fix.
The bug CVE-2016-5195 aka Dirty Cow is a race condition that was introduced in the core of Linux kernel in 2007. Linus Torvalds himself had made an unsuccessful attempt to fix the vulnerability. Moreover, the flaw remained undetected for years until security researchers found it just in October.
Throughout the globe, the vulnerability is found across all Linux-powered devices. It is already being exploited in attacks against Linux servers. Last week, a security researcher found 13 Google Play apps that were using this vulnerability to root Android devices. It has notably affected millions of Android devices.
Among the various bug fixes published this month, Google has not included a fix for Dirty Cow. There is no official word about why the Dirty Cow patch was absent from the recent update that has just been released for Android Nougat-running Nexus and Pixel devices. However, market watchers believe that the search giant would soon come up with a significant solution.
Unlike Google, some prominent Linux contributors have already addressed the issue raised by the race condition. Canonical, Black Lab Linux and Red Hat have released new updates for their Linux distributions to fix Dirty Cow. Most Recently, Raspberry Pi Foundation also brought Raspbian Jessie with a specific patch for the vulnerability.
Franco Kernel patched this as of the end of October.
O rly? https://source.android.com/security/bulletin/2016-11-01.html#2016-11-06-summary