Closed ahjolinna closed 4 months ago
MartinX3
commented
4 months ago You sent it to the Sony company, too? (Because this repo is about SODP and not stock)
And doesn't this mean it is part of the june security patch month? https://source.android.com/docs/security/bulletin/pixel/2024-06-01
ahjolinna
commented
4 months ago You sent it to the Sony company, too? (Because this repo is about SODP and not stock)
Yes, I did send an email to Sony about the vulnerability.
And doesn't this mean it is part of the june security patch month? https://source.android.com/docs/security/bulletin/pixel/2024-06-01
For some reason, the fix in the June security patch was only applied to Pixel devices. According to a Forbes article, even the July security update will not include the fix.
MartinX3
commented
4 months ago @ahjolinna if it's not in the official aosp source code that's bad. (We get the tags to build sodp from here https://source.android.com/docs/setup/reference/build-numbers#source-code-tags-and-builds)
ahjolinna
commented
4 months ago @MartinX3 According to Sony support the they have indeed added (manually) the security fix to the latest June Security update which all supported device have gotten, so will be closing this .
Description:
Google's July security update has addressed critical vulnerabilities in Pixel devices, specifically CVE-2024-32896, which remains unpatched in many other Android devices. This vulnerability is severe enough to have prompted a U.S. government warning, urging federal employees to update their Pixel devices by July 4. This vulnerability remains unpatched on non-Pixel Android devices.
Impact:
Current Status:
Recommended Actions:
References:
U.S. Government Warning on CVE-2024-32896
https://www.forbes.com/sites/zakdoffman/2024/07/03/samsung-s24-ultra-s23-free-update-warning-for-galaxy-android-users/
https://discuss.grapheneos.org/d/13494-cve-2024-32896-wipe-without-reboot-added-to-aosp-due-to-reports-by-grapheneos