[ncmncm]

Just to be clear, everyone really should panic. Right?

[kibwen]

Plenty of Android devices have kernels that are too old to be vulnerable. Versions 5.1 and newer are vulnerable.

[sgt]

Which versions of Android would that translate to?

[llarsson]

It seems to me that Android version and kernel version are not linked in any meaningful way.

My phone is Android 12 and the kernel is 4.19.x, which initially came out in 2018 (but is an LTS one, so it's fine).

[ncmncm]

Older kernels are instead vulnerable to older bugs, since fixed, of not less severity, but more systematically exploited.

[Wowfunhappy]

Do you have any particular exploits in mind?

The idea that you could gain RCE without the user doing anything except being in range of a wifi hotspot—no need to run an app, load a website, or even open an image—strikes me as exceptionally concerning. It's not quite the holy grail of "connect this device to the internet anywhere in the world and get hacked within minutes", but it's coming close.