A mere month after May Day itself, Google is now rolling out the May 2022 update for Pixel phones. The associated security bulletin claims the 2022-05-05 patch level includes fixes for CVE-2022-0847 — otherwise known as the Dirty Pipe vulnerability that affected a handful of very recent Android devices. On top of that, Pixel 6 owners can look forward to a few bug fixes, including unexpected display wakes and “improvements for haptic feedback.” According to Google’s promised update schedule, it’s also the end of the line for the Pixel 3a and 3a XL, though we’ve reached out to Google for more information.
The full functional patch notes for this month’s update for Pixels are short enough to include here:
Display / Graphics
- Fix for issue occasionally causing display to wake without user interaction *.
- Improvements for haptic feedback under certain conditions and use cases *.
- Fix for issue causing launcher crash after restarting device in certain conditions *.
—————————————————————Device Applicability* Included on Pixel 3a, Pixel 3a XL, Pixel 4, Pixel 4 XL, Pixel 4a, Pixel 4a (5G), Pixel 5, Pixel 5a (5G), Pixel 6 & Pixel 6 Pro* Included on Pixel 6 & Pixel 6 Pro
Pixel owners of all devices can apparently anticipate a fix for unexpected display wakes, and the Pixel 6 and 6 Pro are getting improved haptics. Back in March, folk complained that the update had made them too weak, and we have to assume this is a further adjustment to their performance.
According to the Android Security Bulletin for this month, the Dirty Pipe vulnerability has finally been addressed in the Linux kernels used by Android. If you weren’t aware of it, Dirty Pipe was a pretty nasty little vulnerability that took advantage of how the Linux kernel reads and writes to files in a way that could allow a malicious piece of software to do basically anything it wanted to on an affected system. The exploit was demonstrated as a way to get full root access on both a Galaxy S22 and Pixel 6, proving the damage it could have done. Fortunately, not many devices were ever affected by the vulnerability — it needed a very recent version of the Linux kernel, and for better or worse, Android devices tend to “live” on just one version for a long time. Only a handful of very recent Snapdragon 8 Gen 1 devices that launched with Android 12 and Google’s Pixels were ever affected.
Last month, there was some confusion about whether the April update addressed the issue. Samsung included a patch for it in its April update for Galaxy S22-series phones, explaining at the time that it was part of the April 2022 Android Security Bulletin, though that bulletin did not actually make any note of the fix — further corroborated by the fact that it is included in the May 2022 bulletin notes. Samsung must have pulled the fix down into its own patches earlier and simply incorrectly attributed the changes to Google’s April 2022 patch level. April’s Quarterly Platform Release Beta 3 also included the fix, further muddying the waters.
Regardless of the source of that confusion, the issue is now fixed at the system level in Android itself and should start rolling out to other phones from other manufacturers as they pick up the May 2022 patch level in the coming months.
If you’re a Pixel 6 owner anxious to have a secure device, the update should be rolling out via the traditional means shortly. If you’re impatient, you can manually sideload it at your convenience. There are no carrier-specific images for this month and no devices have been held back. Folks with a Pixel 3a and later can pull down the update at their leisure.
Goodnight, sweet Pixel.
On that note, this might be the last update that the Pixel 3a and 3a XL get. Google only promised updates for the two mid-range phones until May 2022, and that date and update have arrived. Historically, Google will wait a couple more months and deliver one last round of bug fixes based on the final QPR the Pixel 3a series saw. We’ve reached out to Google both to confirm that its update plans for the Pixel 3a and 3a XL haven’t changed and to see what sort of schedule a final roundup update might take.
YouTube’s messing with likes, and we can’t hit dislike hard enough
About The Author