Open ahjolinna opened 4 days ago
You sent it to the Sony company, too? (Because this repo is about SODP and not stock)
And doesn't this mean it is part of the june security patch month? https://source.android.com/docs/security/bulletin/pixel/2024-06-01
You sent it to the Sony company, too? (Because this repo is about SODP and not stock)
Yes, I did send an email to Sony about the vulnerability.
And doesn't this mean it is part of the june security patch month? https://source.android.com/docs/security/bulletin/pixel/2024-06-01
For some reason, the fix in the June security patch was only applied to Pixel devices. According to a Forbes article, even the July security update will not include the fix.
@ahjolinna if it's not in the official aosp source code that's bad. (We get the tags to build sodp from here https://source.android.com/docs/setup/reference/build-numbers#source-code-tags-and-builds)
Description:
Google's July security update has addressed critical vulnerabilities in Pixel devices, specifically CVE-2024-32896, which remains unpatched in many other Android devices. This vulnerability is severe enough to have prompted a U.S. government warning, urging federal employees to update their Pixel devices by July 4. This vulnerability remains unpatched on non-Pixel Android devices.
Impact:
Current Status:
Recommended Actions:
References:
U.S. Government Warning on CVE-2024-32896
https://www.forbes.com/sites/zakdoffman/2024/07/03/samsung-s24-ultra-s23-free-update-warning-for-galaxy-android-users/
https://discuss.grapheneos.org/d/13494-cve-2024-32896-wipe-without-reboot-added-to-aosp-due-to-reports-by-grapheneos