Linux – BIG

Looks like Pixel 6 and Galaxy S22 owners may have another security vulnerability to contend with.

Security researcher and Northwestern University PhD student Zhenpeng Lin posted a video on Twitter showcasing the vulnerability. Lin claims the vulnerability can enable arbitrary read and write, privilege escalation, and disable SELinux security protections. In other words, it’s a doozy.

Android Police notes that none of the technical details about the vulnerability have been published. However, the vulnerability impacts Android devices running with Linux kernel version based on version 5.10 — namely, the Pixel 6 series, Galaxy S22 line, and some others. You can check your kernel version by heading to Settings > About phone > Android version > Kernel version.

Moreover, Android Police reports that the vulnerability appears to use some sort of memory access exploit, indicating it could be similar to the Dirty Pipe security flaw that plagued new Pixel and Galaxy smartphones earlier this year.

The latest Google Pixel 6 pwned with a 0day in kernel! Achieved arbitrary read/write to escalate privilege and disable SELinux without hijacking control flow. The bug also affects Pixel 6 Pro, other Pixels are not affected 🙂 pic.twitter.com/UsOI3ZbN3L

— Zhenpeng Lin (@Markak_) July 5, 2022

There’s also some debate over whether Lin’s Twitter post violates Google’s disclosure rules for security bugs. Lin told Android Police that the post was a “proof of concept” and he believes it doesn’t violate the rules. Additionally, Lin said he disclosed the flaw to Google on July 5th.

However, as Android Police notes, Google’s rules request “reasonable advance notice” and that reports going against this “usually don’t qualify.” In other words, it sounds like a public disclosure before alerting Google could impact reward payouts. Typically with security exploits, researchers only issue public disclosures as a final attempt to get companies to fix the flaw. Most tech companies offer disclosure programs and bug bounties and encourage researchers to disclose exploits to them first, then go public once a fix is available. Google’s internal research division, Project Zero, has a 90-day response policy for vulnerabilities that aren’t actively being exploited, and a seven-day policy for actively-exploited flaws.

Finally, Android Police notes that given the timeline and how Google’s security patches work, the issue might not be addressed until September. However, other manufacturers might be able to pull the fix into their own patches earlier, such as what Samsung did with Dirty Pipe.

Source: Zhenpeng Lin (Twitter) Via: Android Police

While debate rages about whether or not Stadia will land in the ‘Google Graveyard,’ it appears the search giant may have prepped something that could save its struggling game streaming service: a solution for running Windows games.

According to The Verge, Reddit users spotted a session at Google’s upcoming Games Developer Summit titled “how to write a Windows emulator for Linux from scratch.” Google Stadia’s porting platform lead, Marchin Undak, will head the session. It promises a “detailed overview of the technology behind Google’s solution for running unmodified Windows games on Stadia.”

In other words, it appears Google may have made its own Windows “emulator” for Linux.

It’s worth noting that Google’s Stadia is based on Linux, which means this could open the door for easily porting games designed to run on Windows over to Stadia. Although Google has worked with companies like Unreal, Unity, and Havok to improve the porting process, game developers still had to do some heavy lifting to get titles running on Linux.

If Google’s solution works well, it could remove some of the biggest hurdles for getting games running on Stadia. That could lead to an influx of new titles on the platform.

As The Verge points out, Google calls the solution an emulator, but it’s likely the solution is more of a compatibility layer. Emulating apps can cause performance issues, which aren’t ideal in things like games. Compatibility layers, on the other hand, can translate apps to run on different platforms without as significant an impact on performance.

Valve’s Proton compatibility layer is a great example of this. Proton, for those unfamiliar, uses a modified version of ‘Wine’ and maps Microsoft’s Direct3D graphics APIs to Vulkan, allowing Windows games to run on Linux. Proton is key to the Steam Deck, which runs a custom Linux distribution called ‘Steam OS.’

Of course, Google and Valve aren’t the only companies looking into ways to get Windows games running on Linux-based systems. Amazon has been trying to hire developers with experience in Proton for its Luna gaming service (which isn’t available in Canada yet). Luna is powered by Windows, but Amazon’s hiring attempts suggest it could shift to Linux.

Whether Google’s Windows-games-on-Stadia solution is an emulator or compatibility layer remains to be seen. Whatever the case, it could be a great way to expand the content available on Stadia. We’ll likely learn all the details at the Games Developer Summit on March 15th.

Source: The Verge