If you follow the world of security closely these days, you’ve had two words on your mind for months: Dirty Pipe. As a vulnerability discovered in recent Linux kernel versions, Dirty Pipe affected a handful of the most recent Android smartphones — most notably, the Galaxy S22 series and the Pixel 6 and 6 Pro. With this month’s security patch, Samsung fixed the exploit for its phones, but Google’s changelog left out any mention of whether it’d solved the problem. Thanks to today’s QPR3 beta release, we finally know what’s going on.
Google is currently running a couple of different beta tracks simultaneously. While the Android 13 developer preview carries on — with plans for the first beta to launch this month — it’s also continuing to develop early builds for Android 12, releasing its first QPR3 beta in March. This update included an early version of June’s Feature Drop, resulting in the Pixel 3a series being left out of this particular program. QPR3 beta 2 launched today, and although Google didn’t include it in the patch notes, the Dirty Pipe exploit for the Pixel 6 and 6 Pro has officially been fixed.
This is according to Twitter user mile_freak07 (via Mishaal Rahman), who spotted the updated kernel in today’s source code. It comes after a week of confusion, with Google refusing to confirm or deny — or even comment — to reporters whether it had fixed the exploit with the April patch. That silence continued with today’s patch; although we can see the updated kernel in the source code, the patch notes don’t contain any information about resolving Dirty Pipe.
Unfortunately, this leaves Pixel 6 owners in a tight spot. With it all but confirmed that this month’s security patch did not fix this vulnerability, users have two choices. They’ll need to enroll in the Android beta program to get the fix today — something that can result in instability and unexpected bugs — or wait for a future update while remaining on the stable channel. This patch could arrive with May’s release, or it could be held back for June’s Feature Drop, which these QPR (quarterly platform release) betas are ostensibly previewing.
We’ve reached out to Google to comment on when this new kernel version will become available for all users and will update if we hear back. For now, if you’re a Pixel 6 owner concerned about Dirty Pipe, the best thing you can do is hop on board that beta track.