From 091679d31e62b5f786212b2ef74c7f7ee1e7e208 Mon Sep 17 00:00:00 2001 From: "Kevin F. Haggerty" Date: Mon, 11 Jul 2022 06:42:42 -0600 Subject: [PATCH 01/20] Bump Security String to 2022-07-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2021-0981 A-191981182 EoP High 10, 11 CVE-2022-20219 A-224585613 ID High 10, 11, 12, 12L CVE-2022-20221 A-205571133 ID High 10, 11, 12, 12L CVE-2022-20223 A-223578534 EoP High 10, 11, 12, 12L CVE-2022-20224 A-220732646 ID High 10, 11, 12, 12L CVE-2022-20225 A-213457638 ID High 10, 11, 12, 12L CVE-2022-20229 A-224536184 RCE Critical 10, 11, 12, 12L CVE-2022-20230 A-221859869 ID High 10, 11, 12, 12L Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20220 A-219015884 EoP High 12, 12L CVE-2022-20222 A-228078096 RCE Critical 12, 12L CVE-2022-20226 A-213644870 EoP High 12, 12L CVE-2022-20228 A-213850092 ID High 12, 12L Change-Id: I3c3cad7730c3db86896b33f878ff81df9c32275d
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 803c262960..c513255f50 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2022-06-05
+ PLATFORM_SECURITY_PATCH := 2022-07-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 49e17aff01d709a59f53fc53570727e991edc393 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Thu, 4 Aug 2022 06:46:51 -0600 Subject: [PATCH 02/20] Bump Security String to 2022-08-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2021-39696 A-185810717 EoP High 10, 11, 12 CVE-2022-20344 A-232541124 EoP High 10, 11, 12, 12L CVE-2022-20346 A-230493653 ID High 10, 11, 12, 12L CVE-2022-20347 A-228450811 EoP High 10, 11, 12, 12L CVE-2022-20348 A-228315529 EoP High 10, 11, 12, 12L CVE-2022-20349 A-228315522 EoP High 10, 11, 12, 12L CVE-2022-20350 A-228178437 ID High 10, 11, 12, 12L CVE-2022-20353 A-221041256 ID High 10, 11, 12, 12L CVE-2022-20354 A-219546241 EoP High 11, 12, 12L CVE-2022-20355 A-219498290 DoS High 10, 11, 12, 12L CVE-2022-20356 A-215003903 EoP High 11, 12, 12L CVE-2022-20358 A-203229608 ID High 10, 11, 12, 12L CVE-2022-20360 A-228314987 EoP High 10, 11, 12, 12L CVE-2022-20361 A-231161832 EoP High 10, 11, 12, 12L Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20345 A-230494481 RCE Critical 12, 12L CVE-2022-20352 A-222473855 ID High 12, 12L CVE-2022-20357 A-214999987 ID High 12, 12L Change-Id: Ia322a9146e9a06694d912d226c001430b87fe8a6
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index c513255f50..2cf04bce32 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2022-07-05
+ PLATFORM_SECURITY_PATCH := 2022-08-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 9fbcab9cc3456643ed55dcfaed5e79db2a48457e Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Fri, 9 Sep 2022 18:31:50 -0600 Subject: [PATCH 03/20] Bump Security String to 2022-09-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20197 A-208279300 EoP Moderate 10, 11, 12, 12L CVE-2022-20392 A-213323615 EoP High 10, 11, 12, 12L CVE-2022-20393 A-233735886 ID High 11, 12, 12L CVE-2022-20395 A-221855295 EoP High 11, 12, 12L, 13 CVE-2022-22822 A-219942275 EoP High 10, 11, 12, 12L CVE-2022-23852 A-221255869 EoP High 10, 11, 12, 12L CVE-2022-23990 A-221256678 EoP High 10, 11, 12, 12L CVE-2022-25314 A-221384482 EoP High 10, 11, 12, 12L Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20218 A-223907044 EoP High 12, 12L CVE-2022-20396 A-234440688 ID High 12L, 13 CVE-2022-20398 A-221859734 EoP High 13 Change-Id: I250086e4f06ca05f35f5610f4fc219cdf3742e24
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 2cf04bce32..0b3e8ebedd 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2022-08-05
+ PLATFORM_SECURITY_PATCH := 2022-09-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 85b0d23a2e063391414166d01e0a2733529bccb6 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Thu, 6 Oct 2022 06:45:03 -0600 Subject: [PATCH 04/20] Bump Security String to 2022-10-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2021-39758 A-205130886 EoP Moderate 10, 11, 12 CVE-2022-20394 A-204906124 ID High 10, 11, 12, 12L CVE-2022-20410 A-205570663 ID High 10, 11, 12, 12L, 13 CVE-2022-20412 A-230794395 EoP High 10, 11, 12, 12L, 13 CVE-2022-20413 A-235850634 ID High 10, 11, 12, 12L, 13 CVE-2022-20415 A-231322873 EoP Moderate 10, 11, 12, 12L, 13 CVE-2022-20425 A-235823407 DoS High 10, 11, 12, 12L, 13 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2021-39624 A-67862680 DoS High 11, 12, 12L 6c65bf119c8f8 CVE-2022-20351 A-224771921 ID High 10, 11, 12, 12L a54f2f6b Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2021-39673 A-195410559 ID High 13 CVE-2022-20416 A-237717857 EoP High 12, 12L, 13 CVE-2022-20417 A-237288416 EoP High 12, 12L, 13 CVE-2022-20418 A-231986464 ID High 12, 12L, 13 CVE-2022-20419 A-237290578 ID Critical 12L, 13 CVE-2022-20420 A-238377411 EoP High 13 Change-Id: I764f97fccc008066ca87f48438121ea4777f6fac
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 0b3e8ebedd..5a1441ee94 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2022-09-05
+ PLATFORM_SECURITY_PATCH := 2022-10-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 560848311f8d54e4cd66d224ea8dbc4497f992d6 Mon Sep 17 00:00:00 2001 From: "Kevin F. Haggerty" Date: Thu, 10 Nov 2022 08:05:06 -0700 Subject: [PATCH 05/20] Bump Security String to 2022-11-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-2209 A-235601882 EoP High 10, 11, 12, 12L, 13 CVE-2022-20426 A-236263294 DoS High 10, 11, 12, 12L, 13 CVE-2022-20441 A-238605611 EoP High 10, 11, 12, 12L, 13 CVE-2022-20445 A-225876506 ID High 10, 11, 12, 12L, 13 CVE-2022-20446 A-229793943 EoP High 10, 11 CVE-2022-20448 A-237540408 EoP High 10, 11, 12, 12L, 13 CVE-2022-20450 A-210065877 EoP High 10, 11, 12, 12L, 13 CVE-2022-20451 A-235098883 EoP High 10, 11, 12, 12L, 13 CVE-2022-20453 A-240685104 DoS High 10, 11, 12, 12L, 13 CVE-2022-20454 A-242096164 EoP High 10, 11, 12, 12L, 13 CVE-2022-20462 A-230356196 EoP High 10, 11, 12, 12L, 13 CVE-2022-20463 A-231985227 EoP High 10, 11, 12, 12L, 13 CVE-2022-20465 A-218500036 EoP High 10, 11, 12, 12L, 13 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2022-20414 A-234441463 DoS High 10, 11, 12, 12L, 13 b710f4590eb7 44beaf40e6ab Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20447 A-233604485 ID High 13 CVE-2022-20452 A-240138318 EoP High 13 CVE-2022-20457 A-243924784 EoP High 13 Change-Id: I12e5d9979019cf217a74c02415953a81944b9afe
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 5a1441ee94..010439a935 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2022-10-05
+ PLATFORM_SECURITY_PATCH := 2022-11-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 0df57bbdaffd29edc99b703e3f4ed7720b652f96 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Thu, 8 Dec 2022 12:35:40 -0700 Subject: [PATCH 06/20] Bump Security String to 2022-12-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2021-39617 A-175190844 EoP High 11, 12, 12L CVE-2022-20124 A-170646036 EoP High 10, 11, 12, 12L, 13 CVE-2022-20144 A-187702830 EoP High 10, 11, 12, 12L, 13 CVE-2022-20411 A-232023771 RCE Critical 10, 11, 12, 12L, 13 CVE-2022-20442 A-176094367 EoP High 10, 11, 12, 12L CVE-2022-20444 A-197296414 EoP High 11, 12 CVE-2022-20449 A-239701237 DoS High 10, 11, 12, 12L, 13 CVE-2022-20466 A-179725730 ID Moderate 13 ID High 10, 11, 12, 12L CVE-2022-20468 A-228450451 ID Moderate 10, 11, 12, 12L, 13 CVE-2022-20469 A-230867224 RCE High 10, 11, 12, 12L, 13 CVE-2022-20470 A-234013191 EoP High 10, 11, 12, 12L, 13 CVE-2022-20471 A-238177877 ID High 11, 12, 12L, 13 CVE-2022-20472 A-239210579 RCE Critical 10, 11, 12, 12L, 13 CVE-2022-20473 A-239267173 RCE Critical 10, 11, 12, 12L, 13 CVE-2022-20474 A-240138294 EoP High 10, 11, 12, 12L, 13 CVE-2022-20475 A-240663194 EoP High 11, 12, 12L, 13 CVE-2022-20476 A-240936919 DoS High 10, 11, 12, 12L CVE-2022-20478 A-241764135 EoP High 10, 11, 12, 12L, 13 CVE-2022-20479 A-241764340 EoP High 10, 11, 12, 12L, 13 CVE-2022-20480 A-241764350 EoP High 10, 11, 12, 12L, 13 CVE-2022-20483 A-242459126 ID High 10, 11, 12, 12L, 13 CVE-2022-20484 A-242702851 EoP High 10, 11, 12, 12L, 13 CVE-2022-20485 A-242702935 EoP High 10, 11, 12, 12L, 13 CVE-2022-20486 A-242703118 EoP High 10, 11, 12, 12L, 13 CVE-2022-20487 A-242703202 EoP High 10, 11, 12, 12L, 13 CVE-2022-20488 A-242703217 EoP High 10, 11, 12, 12L, 13 CVE-2022-20491 A-242703556 EoP High 10, 11, 12, 12L, 13 CVE-2022-20495 A-243849844 EoP High 10, 11, 12, 12L, 13 CVE-2022-20498 A-246465319 ID Critical 10, 11, 12, 12L, 13 CVE-2022-20500 A-246540168 DoS High 10, 11, 12, 12L, 13 CVE-2022-20501 A-246933359 EoP High 10, 11, 12, 12L, 13 CVE-2022-20611 A-242996180 EoP High 10, 11, 12, 12L, 13 Implemented 
(Qualcomm components): ================================== CVE: References: Severity: Subcomponent: CVE-2022-33268 A-245992426 High Bluetooth QC-CR#3182085 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2021-0934 A-169762606 DoS High 10, 11, 12, 12L, 13 912b946c8384 CVE-2021-39795 A-201667614 EoP High 11, 12, 12L, 13 435643fc9 Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20240 A-231496105 EoP High 12, 12L CVE-2022-20477 A-241611867 EoP High 13 CVE-2022-20482 A-240422263 DoS High 12, 12L, 13 CVE-2022-20496 A-245242273 ID High 12, 12L, 13 CVE-2022-20497 A-246301979 ID High 12, 12L, 13 CVE-2022-20502 A-222166527 ID High 13 Change-Id: I48e68ebc8777fc639980dfadd0788dad315bd4e9
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 010439a935..56229d5b59 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2022-11-05
+ PLATFORM_SECURITY_PATCH := 2022-12-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 3b8963756ba4dce41f86efdb702dd315d958be33 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Sat, 7 Jan 2023 08:46:16 -0700 Subject: [PATCH 07/20] Bump Security String to 2023-01-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20456 A-242703780 EoP High 10, 11, 12, 12L, 13 CVE-2022-20489 A-242703460 EoP High 10, 11, 12, 12L, 13 CVE-2022-20490 A-242703505 EoP High 10, 11, 12, 12L, 13 CVE-2022-20492 A-242704043 EoP High 10, 11, 12, 12L, 13 CVE-2022-20493 A-242846316 EoP High 10, 11, 12, 12L, 13 CVE-2022-20494 A-243794204 DoS High 10, 11, 12, 12L, 13 CVE-2023-20908 A-239415861 DoS High 10, 11, 12, 12L, 13 CVE-2023-20913 A-246933785 EoP High 10, 11, 12, 12L, 13 CVE-2023-20915 A-246930197 EoP High 10, 11, 12, 12L, 13 CVE-2023-20918 A-243794108 EoP High 10, 11, 12, 12L, 13 CVE-2023-20920 A-204584366 EoP High 10, 11, 12, 12L, 13 CVE-2023-20921 A-243378132 EoP High 10, 11, 12, 12L, 13 CVE-2023-20922 A-237291548 DoS High 11, 12, 12L, 13 Implemented (Qualcomm components): ================================== CVE: References: Severity: Subcomponent: CVE-2022-22088 A-231156521 Critical Bluetooth QC-CR#3052411 CVE-2022-33255 A-250627529 High Bluetooth QC-CR#3212699 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2022-20461 A-228602963 EoP High 10, 11, 12, 12L, 13 552225fc27 Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-20904 A-246300272 EoP High 12L, 13 CVE-2023-20905 A-241387741 EoP High 10 CVE-2023-20912 A-246301995 EoP High 13 CVE-2023-20916 A-229256049 EoP High 12, 12L CVE-2023-20919 A-252663068 EoP High 13 Change-Id: I6abd8797dc8bd64c50dab92574df85485e6ee9f4
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 56229d5b59..77ce313dfe 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2022-12-05
+ PLATFORM_SECURITY_PATCH := 2023-01-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From bc27082143cf126cac78242fcf6b134301a9f41f Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Sat, 11 Feb 2023 07:17:01 -0700 Subject: [PATCH 08/20] Bump Security String to 2023-02-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20443 A-194480991 EoP High 11, 12, 12L CVE-2022-20455 A-242537431 DoS High 10, 11, 12, 12L, 13 CVE-2022-20481 A-241927115 ID High 10, 11, 12, 12L, 13 CVE-2022-43680 A-255449293 EoP High 10, 11, 12, 12L, 13 CVE-2023-20932 A-248251018 ID High 10, 11, 12, 12L, 13 CVE-2023-20933 A-245860753 EoP High 10, 11, 12, 12L, 13 CVE-2023-20943 A-240267890 EoP High 10, 11, 12, 12L, 13 CVE-2023-20944 A-244154558 EoP High 10, 11, 12, 12L, 13 CVE-2023-20946 A-244423101 EoP High 11, 12, 12L, 13 Implemented (Qualcomm components): ================================== CVE: References: Severity: Subcomponent: CVE-2022-33280 A-250627584 Critical Bluetooth QC-CR#3040964 Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2020-27059 A-159249069 EoP High 12, 12L CVE-2022-20551 A-243376549 EoP High 12, 12L, 13 CVE-2023-20934 A-258672042 EoP High 12, 12L, 13 CVE-2023-20939 A-243362981 EoP High 12, 12L, 13 CVE-2023-20940 A-256237041 EoP High 13 CVE-2023-20942 A-258021433 EoP High 12, 12L, 13 CVE-2023-20945 A-246932269 EoP High 10 CVE-2023-20948 A-230630526 ID High 12, 12L, 13 Change-Id: I71290c940efd2f0cd9e6bda41e10226d687e02fb
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 77ce313dfe..b6fc9ba34b 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-01-05
+ PLATFORM_SECURITY_PATCH := 2023-02-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 6a296ecbb9013a2ae29f4239f0b868440c7b2413 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Fri, 17 Mar 2023 01:52:07 -0600 Subject: [PATCH 09/20] Bump Security String to 2023-03-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-20931 A-242535997 EoP High 11, 12, 12L, 13 CVE-2023-20951 A-258652631 RCE Critical 11, 12, 12L, 13 CVE-2023-20952 A-186803518 ID High 11, 12, 12L, 13 CVE-2023-20954 A-261867748 RCE Critical 11, 12, 12L, 13 CVE-2023-20955 A-258653813 EoP High 11, 12, 12L, 13 CVE-2023-20957 A-258422561 EoP High 11, 12, 12L CVE-2023-20963 A-220302519 EoP High 11, 12, 12L, 13 CVE-2023-20966 A-242299736 EoP High 11, 12, 12L, 13 Implemented (Qualcomm components): ================================== CVE: References: Severity: Subcomponent: CVE-2022-40537 A-261468700 High Bluetooth QC-CR#3278869 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2022-20467 A-225880741 ID High 11, 12, 12L, 13 4be790424 CVE-2023-20906 A-221040577 EoP High 11, 12, 12L, 13 fa2f239962f4 CVE-2023-20910 A-245299920 DoS High 11, 12, 12L, 13 e0a036b3ff CVE-2023-20911 A-242537498 EoP High 11, 12, 12L, 13 84d5d81a3ae7 CVE-2023-20917 A-242605257 EoP High 11, 12, 12L, 13 0b4cfaca78df CVE-2023-20936 A-226927612 EoP High 11, 12, 12L, 13 88c90a2b26 Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-4452 A-251802307 ID High 13 CVE-2022-20499 A-246539931 DoS High 12, 12L, 13 CVE-2023-20926 A-253043058 EoP High 12, 12L, 13 CVE-2023-20929 A-234442700 ID High 13 CVE-2023-20947 A-237405974 EoP High 12, 12L, 13 CVE-2023-20953 A-251778420 EoP High 13 CVE-2023-20956 A-240140929 ID High 12, 12L, 13 CVE-2023-20958 A-254803162 ID High 13 CVE-2023-20959 A-249057848 EoP High 13 CVE-2023-20960 A-250589026 EoP High 12L, 13 CVE-2023-20962 A-256590210 ID High 13 CVE-2023-20964 A-238177121 DoS High 12, 12L, 13 Change-Id: 
Ida3f06b778762faafb1e4a3ce09aed665017f513
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index b6fc9ba34b..99f9904639 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-02-05
+ PLATFORM_SECURITY_PATCH := 2023-03-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 877a57f00ff129e0493eb591891241402b8f2e99 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Sat, 15 Apr 2023 09:48:31 -0600 Subject: [PATCH 10/20] Bump Security String to 2023-04-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20463 A-231985227 EoP High 11, 12, 12L, 13 CVE-2022-20471 A-238177877 ID High 11, 12, 12L, 13 CVE-2023-20909 A-243130512 ID High 11, 12, 12L, 13 CVE-2023-20950 A-195756028 EoP Moderate 11, 12, 12L CVE-2023-20967 A-225879503 EoP High 11, 12, 12L, 13 CVE-2023-21080 A-245916076 ID High 11, 12, 12L, 13 CVE-2023-21081 A-230492955 EoP High 11, 12, 12L, 13 CVE-2023-21082 A-257030107 ID High 11, 12, 12L, 13 CVE-2023-21083 A-252762941 ID High 11, 12, 12L, 13 CVE-2023-21085 A-264879662 RCE Critical 11, 12, 12L, 13 CVE-2023-21086 A-238298970 EoP High 11, 12, 12L, 13 CVE-2023-21087 A-261723753 DoS High 11, 12, 12L, 13 CVE-2023-21089 A-237766679 EoP High 11, 12, 12L, 13 CVE-2023-21092 A-242040055 EoP High 11, 12, 12L, 13 CVE-2023-21093 A-228450832 EoP High 11, 12, 12L, 13 CVE-2023-21094 A-248031255 EoP High 11, 12, 12L, 13 CVE-2023-21097 A-261858325 EoP High 11, 12, 12L, 13 CVE-2023-21098 A-260567867 EoP High 11, 12, 12L, 13 CVE-2023-21099 A-243377226 EoP High 11, 12, 12L, 13 Implemented (Qualcomm components): ================================== CVE: References: Severity: Subcomponent: CVE-2022-40503 A-258057241 High Bluetooth QC-CR#3237187 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2023-20935 A-256589724 ID High 11, 12, 12L, 13 44ed9cf4f Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-21084 A-262892300 EoP High 13 CVE-2023-21088 A-235823542 EoP High 12, 12L, 13 CVE-2023-21090 A-259942609 DoS High 13 CVE-2023-21091 A-257954050 DoS High 13 CVE-2023-21096 A-254774758 RCE Critical 12, 12L, 13 CVE-2023-21100 A-242544249 EoP High 12, 12L, 13 Change-Id: 
I6cd89024a5c0ebb997b7adf6edbeeb67cadb08c2
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 99f9904639..e7b289fbc1 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-03-05
+ PLATFORM_SECURITY_PATCH := 2023-04-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From cb17538392c35e61590ee90d95574bdb91df110b Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Sat, 6 May 2023 09:37:34 -0600 Subject: [PATCH 11/20] Bump Security String to 2023-05-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2022-20338 A-171966843 EoP High 11, 12, 12L CVE-2023-20930 A-250576066 DoS High 11, 12, 12L, 13 CVE-2023-20993 A-261588851 EoP High 11, 12, 12L, 13 CVE-2023-21103 A-259064622 DoS High 11, 12, 12L, 13 CVE-2023-21107 A-259385017 EoP High 11, 12, 12L, 13 CVE-2023-21109 A-261589597 EoP High 11, 12, 12L, 13 CVE-2023-21110 A-258422365 EoP High 11, 12, 12L, 13 CVE-2023-21111 A-256819769 DoS High 11, 12, 12L, 13 CVE-2023-21112 A-252763983 ID High 11, 12, 12L, 13 CVE-2023-21116 A-256202273 EoP Moderate 11, 12, 12L, 13 CVE-2023-21118 A-269014004 ID High 11, 12, 12L, 13 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2021-39617 A-175190844 EoP High 11, 12, 12L e08d5420f4 CVE-2022-20444 A-197296414 EoP High 11, 12 d50b2c375351 b272d38e3725 5be28bb5a7 b8c1281e7f f947be7fa0 CVE-2023-20914 A-189942529 ID High 11 0b486e312fd0 Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-21104 A-259938771 ID High 12L, 13 CVE-2023-21117 A-263358101 EoP High 13 Change-Id: Ic7dbab467fe58acbc56e6b987c660e7377c71555
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index e7b289fbc1..bc3bb60424 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-04-05
+ PLATFORM_SECURITY_PATCH := 2023-05-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 60314cce64cdd7f0e1666da7cb590fe486e4c2f0 Mon Sep 17 00:00:00 2001 From: marcost2 Date: Tue, 6 Jul 2021 13:03:14 -0300 Subject: [PATCH 12/20] Add support for separate kernels for boot and recovery [2/2] * Either as prebuilts, or with separate defconfigs Change-Id: Iae31e3634178e66b4119c718994fe1c660414529
---
 core/Makefile | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/core/Makefile b/core/Makefile
index 118a623eda..a1fbfb57e6 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1104,6 +1104,11 @@ else
 INSTALLED_KERNEL_TARGET :=
 endif
+ifneq "$(or $(TARGET_KERNEL_RECOVERY_CONFIG), $(TARGET_PREBUILT_RECOVERY_KERNEL))" ""
+INSTALLED_RECOVERY_KERNEL := $(PRODUCT_OUT)/recovery_kernel
+else
+INSTALLED_RECOVERY_KERNEL := $(INSTALLED_KERNEL_TARGET)
+endif
 # -----------------------------------------------------------------
 # the root dir
 INTERNAL_ROOT_FILES := $(filter $(TARGET_ROOT_OUT)/%, \
@@ -1941,8 +1946,7 @@ recovery_sepolicy := \
 # Passed into rsync from non-recovery root to recovery root, to avoid overwriting recovery-specific
 # SELinux files
 IGNORE_RECOVERY_SEPOLICY := $(patsubst $(TARGET_RECOVERY_OUT)/%,--exclude=/%,$(recovery_sepolicy))
-
-recovery_kernel := $(INSTALLED_KERNEL_TARGET) # same as a non-recovery system
+recovery_kernel := $(INSTALLED_RECOVERY_KERNEL)
 recovery_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.img
 recovery_uncompressed_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.cpio
 recovery_resources_common := $(call include-path-for, recovery)/res
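Review bot: The block added after `INSTALLED_KERNEL_TARGET :=` in the first core/Makefile hunk introduces `TARGET_KERNEL_RECOVERY_CONFIG` and `TARGET_PREBUILT_RECOVERY_KERNEL` without a comment, and no visible hunk of this commit carries a rule that produces `$(PRODUCT_OUT)/recovery_kernel`; presumably the other half of this [2/2] change provides it. The last hunk of the commit copies that file into the target-files package as the recovery kernel, so a prebuilt supplied through the second variable ships in recovery as given, which is worth stating where the variable is consumed. I would add above the `ifneq`: `# Recovery may use its own kernel, built from TARGET_KERNEL_RECOVERY_CONFIG or taken from TARGET_PREBUILT_RECOVERY_KERNEL; otherwise it reuses the boot kernel.` The next hunk also drops the old `# same as a non-recovery system` remark without a replacement, so the same comment would cover `recovery_kernel` too.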
@@ -4622,6 +4626,7 @@ $(BUILT_TARGET_FILES_PACKAGE): \
 $(INSTALLED_CUSTOMIMAGES_TARGET) \
 $(INTERNAL_SYSTEMOTHERIMAGE_FILES) \
 $(INSTALLED_ANDROID_INFO_TXT_TARGET) \
+ $(INSTALLED_RECOVERY_KERNEL) \
 $(INSTALLED_KERNEL_TARGET) \
 $(INSTALLED_DTBIMAGE_TARGET) \
 $(INSTALLED_2NDBOOTLOADER_TARGET) \
@@ -4660,8 +4665,9 @@ ifneq (,$(INSTALLED_RECOVERYIMAGE_TARGET)$(filter true,$(BOARD_USES_RECOVERY_AS_
 @# OTA install helpers
 $(hide) $(call package_files-copy-root, \
 $(PRODUCT_OUT)/install,$(zip_root)/INSTALL)
-ifdef INSTALLED_KERNEL_TARGET
- cp $(INSTALLED_KERNEL_TARGET) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/
+ifdef INSTALLED_RECOVERY_KERNEL
+# The python script that wraps it all up wants it to be named kernel, so do that
+ cp $(INSTALLED_RECOVERY_KERNEL) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/kernel
 endif
 ifeq (truetrue,$(strip $(BUILDING_VENDOR_BOOT_IMAGE))$(strip $(AB_OTA_UPDATER)))
 echo "$(GENERIC_KERNEL_CMDLINE)" > $(zip_root)/$(PRIVATE_RECOVERY_OUT)/cmdline
From 901fe5844c8d69d0abc36c6ee5b3391fc1aa42ef Mon Sep 17 00:00:00 2001 From: marcost2 Date: Tue, 6 Jul 2021 13:03:14 -0300 Subject: [PATCH 13/20] Add support for separate kernels for boot and recovery [2/2] * Either as prebuilts, or with separate defconfigs Change-Id: Iae31e3634178e66b4119c718994fe1c660414529
---
 core/Makefile | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/core/Makefile b/core/Makefile
index a1fbfb57e6..62b92f16d6 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -1104,10 +1104,16 @@ else
 INSTALLED_KERNEL_TARGET :=
 endif
-ifneq "$(or $(TARGET_KERNEL_RECOVERY_CONFIG), $(TARGET_PREBUILT_RECOVERY_KERNEL))" ""
-INSTALLED_RECOVERY_KERNEL := $(PRODUCT_OUT)/recovery_kernel
-else
-INSTALLED_RECOVERY_KERNEL := $(INSTALLED_KERNEL_TARGET)
+ifdef INSTALLED_KERNEL_TARGET
+ifneq (,$(filter true,$(BOARD_USES_RECOVERY_AS_BOOT)))
+ INSTALLED_RECOVERY_KERNEL_TARGET := $(INSTALLED_KERNEL_TARGET)
+else ifneq (true,$(BOARD_EXCLUDE_KERNEL_FROM_RECOVERY_IMAGE))
+ ifneq "$(or $(TARGET_KERNEL_RECOVERY_CONFIG), $(TARGET_PREBUILT_RECOVERY_KERNEL))" ""
+ INSTALLED_RECOVERY_KERNEL_TARGET := $(PRODUCT_OUT)/recovery_kernel
+ else
+ INSTALLED_RECOVERY_KERNEL_TARGET := $(firstword $(INSTALLED_KERNEL_TARGET))
+ endif
+endif
 endif
 # -----------------------------------------------------------------
 # the root dir
@@ -1946,7 +1952,10 @@ recovery_sepolicy := \
 # Passed into rsync from non-recovery root to recovery root, to avoid overwriting recovery-specific
 # SELinux files
 IGNORE_RECOVERY_SEPOLICY := $(patsubst $(TARGET_RECOVERY_OUT)/%,--exclude=/%,$(recovery_sepolicy))
-recovery_kernel := $(INSTALLED_RECOVERY_KERNEL)
+
+# if building multiple boot images from multiple kernels, use the first kernel listed
+# for the recovery image
+recovery_kernel := $(INSTALLED_RECOVERY_KERNEL_TARGET)
 recovery_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.img
 recovery_uncompressed_ramdisk := $(PRODUCT_OUT)/ramdisk-recovery.cpio
 recovery_resources_common := $(call include-path-for, recovery)/res
@@ -4627,6 +4636,7 @@ $(BUILT_TARGET_FILES_PACKAGE): \
 $(INTERNAL_SYSTEMOTHERIMAGE_FILES) \
 $(INSTALLED_ANDROID_INFO_TXT_TARGET) \
 $(INSTALLED_RECOVERY_KERNEL) \
+ $(INSTALLED_RECOVERY_KERNEL_TARGET) \
 $(INSTALLED_KERNEL_TARGET) \
 $(INSTALLED_DTBIMAGE_TARGET) \
 $(INSTALLED_2NDBOOTLOADER_TARGET) \
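Review bot: In the first branch of the new block at -1104, `INSTALLED_RECOVERY_KERNEL_TARGET := $(INSTALLED_KERNEL_TARGET)` keeps the whole value when `BOARD_USES_RECOVERY_AS_BOOT` is true, while the last branch narrows it with `$(firstword ...)`. The final hunk of this commit copies the variable to a single file name, `cp $(INSTALLED_RECOVERY_KERNEL_TARGET) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/kernel`, under a guard whose truncated header suggests it also covers recovery-as-boot. If `INSTALLED_KERNEL_TARGET` can list several kernels, as the comment added at -1946 implies, that `cp` receives several sources and a file destination and the target-files step fails. Either use `$(firstword $(INSTALLED_KERNEL_TARGET))` in this branch as well, or copy into the directory for the recovery-as-boot case.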
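Review bot: The context line `$(INSTALLED_RECOVERY_KERNEL) \` in the hunk at -4627 stays in the prerequisite list of `$(BUILT_TARGET_FILES_PACKAGE)` although the first hunk of this commit removes both assignments of `INSTALLED_RECOVERY_KERNEL`. Unless that name is still set somewhere outside the visible hunks it now expands to nothing, so the line is dead and hides the rename from anyone grepping for the recovery kernel dependency. I would delete it and keep only `$(INSTALLED_RECOVERY_KERNEL_TARGET) \`. The prerequisite list extends past both ends of the hunk.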
@@ -4665,13 +4675,11 @@ ifneq (,$(INSTALLED_RECOVERYIMAGE_TARGET)$(filter true,$(BOARD_USES_RECOVERY_AS_
 @# OTA install helpers
 $(hide) $(call package_files-copy-root, \
 $(PRODUCT_OUT)/install,$(zip_root)/INSTALL)
-ifdef INSTALLED_RECOVERY_KERNEL
-# The python script that wraps it all up wants it to be named kernel, so do that
- cp $(INSTALLED_RECOVERY_KERNEL) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/kernel
+ifdef INSTALLED_RECOVERY_KERNEL_TARGET
+ # The python script that wraps it all up wants it to be named kernel, so do that
+ cp $(INSTALLED_RECOVERY_KERNEL_TARGET) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/kernel
 endif
-ifeq (truetrue,$(strip $(BUILDING_VENDOR_BOOT_IMAGE))$(strip $(AB_OTA_UPDATER)))
- echo "$(GENERIC_KERNEL_CMDLINE)" > $(zip_root)/$(PRIVATE_RECOVERY_OUT)/cmdline
-else # not (BUILDING_VENDOR_BOOT_IMAGE and AB_OTA_UPDATER)
+ifneq (truetrue,$(strip $(BUILDING_VENDOR_BOOT_IMAGE))$(strip $(BOARD_USES_RECOVERY_AS_BOOT)))
 ifdef INSTALLED_2NDBOOTLOADER_TARGET
 cp $(INSTALLED_2NDBOOTLOADER_TARGET) $(zip_root)/$(PRIVATE_RECOVERY_OUT)/second
 endif
From 1855e14c6242e4115fc4feaf742dc743528e903a Mon Sep 17 00:00:00 2001
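Review bot: The second half of this hunk changes what is packaged under `$(PRIVATE_RECOVERY_OUT)` and the commit message, which only speaks of separate boot and recovery kernels, does not mention it: the `echo "$(GENERIC_KERNEL_CMDLINE)" > .../cmdline` branch is removed and the guard becomes `ifneq (truetrue,$(strip $(BUILDING_VENDOR_BOOT_IMAGE))$(strip $(BOARD_USES_RECOVERY_AS_BOOT)))`. Whether a `cmdline` file is still written for a vendor-boot A/B build depends on lines after the hunk, and anything that rebuilds or re-signs the recovery image from the target-files package would presumably read it, so the intent should be stated in the message or the change split into its own commit. Separately, the moved comment is now indented under `ifdef`; if that indent is a tab, make treats the line as part of the recipe and hands it to the shell, so keeping it at column 0 as in the removed line is the safer form. The `ifneq` block continues past the end of the hunk.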
From: "Kevin F. Haggerty" Date: Fri, 9 Jun 2023 09:15:48 -0600 Subject: [PATCH 14/20] Bump Security String to 2023-06-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-21105 A-261036568 ID High 11, 12, 12L, 13 CVE-2023-21108 A-239414876 RCE Critical 11, 12, 12L, 13 CVE-2023-21115 A-258834033 EoP High 11, 12, 12L CVE-2023-21121 A-205460459 EoP High 11, 12 CVE-2023-21122 A-270050191 EoP High 11, 12, 12L, 13 CVE-2023-21123 A-270050064 EoP High 11, 12, 12L, 13 CVE-2023-21124 A-265798353 EoP High 11, 12, 12L, 13 CVE-2023-21127 A-275418191 RCE Critical 11, 12, 12L, 13 CVE-2023-21128 A-272042183 EoP High 11, 12, 12L, 13 CVE-2023-21129 A-274759612 EoP High 11, 12, 12L, 13 CVE-2023-21131 A-265015796 EoP High 11, 12, 12L, 13 CVE-2023-21135 A-260570119 EoP High 11, 12, 12L, 13 CVE-2023-21136 A-246542285 DoS High 11, 12, 12L, 13 CVE-2023-21137 A-246541702 DoS High 11, 12, 12L, 13 CVE-2023-21138 A-273260090 EoP High 11, 12, 12L, 13 CVE-2023-21141 A-262244249 ID High 11, 12, 12L, 13 CVE-2023-21142 A-262243665 ID High 11, 12, 12L, 13 CVE-2023-21143 A-268193777 DoS High 11, 12, 12L, 13 CVE-2023-21144 A-252766417 DoS High 11, 12, 12L, 13 Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-21095 A-242704576 ID High 12L, 13 CVE-2023-21126 A-271846393 EoP High 13 CVE-2023-21130 A-273502002 RCE Critical 13 CVE-2023-21139 A-271845008 EoP High 13 Change-Id: I5a94f78c371d4a0cafae817cb50cd603247d615b
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index bc3bb60424..6c8c4dd4ba 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-05-05
+ PLATFORM_SECURITY_PATCH := 2023-06-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 034493c731f5771804abfcfa6149fc04406df1a0 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Mon, 10 Jul 2023 19:12:30 -0600 Subject: [PATCH 15/20] Bump Security String to 2023-07-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-20910 A-245299920 DoS High 11, 12, 12L, 13 CVE-2023-20918 A-243794108 EoP High 11, 12, 12L, 13 CVE-2023-21087 A-261723753 DoS High 11, 12, 12L, 13 CVE-2023-21238 A-277740848 ID High 11, 12, 12L, 13 CVE-2023-21240 A-275340417 DoS High 11, 12, 12L, 13 CVE-2023-21241 A-271849189 EoP High 11, 12, 12L, 13 CVE-2023-21243 A-274445194 DoS High 11, 12, 12L, 13 CVE-2023-21245 A-222446076 EoP High 11, 12, 12L, 13 CVE-2023-21246 A-273729476 EoP High 11, 12, 12L, 13 CVE-2023-21250 A-261068592 RCE Critical 11, 12, 12L, 13 CVE-2023-21251 A-204554636 EoP High 11, 12, 12L, 13 CVE-2023-21261 A-271680254 ID High 11, 12, 12L, 13 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2023-21145 A-265293293 EoP High 11, 12, 12L, 13 c57431f607fd Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-2136 A-278113033 RCE High 13 CVE-2023-20942 A-258021433 EoP High 12, 12L, 13 CVE-2023-21239 A-274592467 ID High 12, 12L, 13 CVE-2023-21247 A-277333781 EoP High 12, 12L, 13 CVE-2023-21248 A-277333746 EoP High 12, 12L, 13 CVE-2023-21249 A-217981062 ID High 13 CVE-2023-21254 A-254736794 EoP High 13 CVE-2023-21256 A-268193384 EoP High 13 CVE-2023-21257 A-257443065 EoP High 13 CVE-2023-21262 A-279905816 EoP High 12, 12L, 13 Change-Id: I70063f7ffbe701377a397a56d943a02798b123a6
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 6c8c4dd4ba..61443b365d 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-06-05
+ PLATFORM_SECURITY_PATCH := 2023-07-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 1bf6766171116ff22ae9733958b26aa3f88aee65 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Sat, 12 Aug 2023 07:52:25 -0600 Subject: [PATCH 16/20] Bump Security String to 2023-08-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-21265 A-262521447 ID High 11, 12, 12L, 13 CVE-2023-21267 A-218495634 ID High 11, 12, 12L, 13 CVE-2023-21268 A-264880895 DoS High 11, 12, 12L, 13 CVE-2023-21281 A-265431505 EoP High 11, 12, 12L, 13 CVE-2023-21282 A-279766766 RCE Critical 11, 12, 12L, 13 CVE-2023-21283 A-280797684 ID High 11, 12, 12L, 13 CVE-2023-21284 A-260729089 DoS High 11, 12, 12L, 13 CVE-2023-21285 A-271851153 ID High 11, 12, 12L, 13 CVE-2023-21286 A-277740082 EoP High 11, 12, 12L, 13 CVE-2023-21287 A-278221085 RCE High 11, 12, 12L, 13 CVE-2023-21288 A-276294099 ID High 11, 12, 12L, 13 CVE-2023-21289 A-272020068 ID High 11, 12, 12L, 13 CVE-2023-21290 A-264880689 DoS High 11, 12, 12L, 13 CVE-2023-21292 A-236688380 ID High 11, 12, 12L, 13 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2023-21272 A-227471459 EoP High 11, 12, 12L 2f24979c13a3 CVE-2023-21273 A-272783039 RCE Critical 11, 12, 12L, 13 433f913eb4 Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-20965 A-250574778 EoP High 13 CVE-2023-21132 A-253043218 EoP High 12, 12L, 13 CVE-2023-21133 A-253043502 EoP High 12, 12L, 13 CVE-2023-21134 A-253043495 EoP High 12, 12L, 13 CVE-2023-21140 A-253043490 EoP High 12, 12L, 13 CVE-2023-21242 A-277824547 EoP High 13 CVE-2023-21269 A-271576718 EoP High 13 CVE-2023-21270 A-283006437 EoP High 12, 12L, 13 CVE-2023-21271 A-269455813 ID High 12, 12L, 13 CVE-2023-21274 A-269456018 ID High 12, 12L, 13 CVE-2023-21275 A-278691965 EoP High 12, 12L, 13 CVE-2023-21276 A-213170822 ID High 12, 12L, 13 CVE-2023-21277 A-281018094 ID High 12, 12L, 13 CVE-2023-21278 A-281807669 EoP High 12, 12L, 13 
CVE-2023-21279 A-277741109 ID High 12, 12L, 13 CVE-2023-21280 A-270049379 DoS High 12, 12L, 13 Change-Id: I77a82e2673238f726352eb562f6deca2f4cb78b2
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 61443b365d..720c3ee0eb 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-07-05
+ PLATFORM_SECURITY_PATCH := 2023-08-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From ce23fa95f02724d6ffbd9b2379afc5a3bf827518 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Sun, 10 Sep 2023 08:51:16 -0600 Subject: [PATCH 17/20] Bump Security String to 2023-09-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-35658 A-274617156 RCE Critical 11, 12, 12L, 13 CVE-2023-35665 A-256819787 EoP High 11, 12, 12L, 13 CVE-2023-35666 A-269253349 EoP High 11, 12, 12L, 13 CVE-2023-35667 A-282932362 EoP High 11, 12, 12L, 13 CVE-2023-35669 A-265798288 EoP High 11, 12, 12L, 13 CVE-2023-35670 A-276898626 EoP High 11, 12, 12L, 13 CVE-2023-35671 A-268038643 ID High 11, 12, 12L, 13 CVE-2023-35673 A-273966636 RCE Critical 11, 12, 12L, 13 CVE-2023-35674 A-264029851 EoP High 11, 12, 12L, 13 CVE-2023-35675 A-284297711 ID High 11, 12, 12L, 13 CVE-2023-35677 A-280793427 DoS High 11, 12, 12L, 13 CVE-2023-35679 A-245137718 ID High 11, 12, 12L, 13 CVE-2023-35680 A-256591023 ID High 11, 12, 12L, 13 CVE-2023-35682 A-270152142 EoP High 11, 12, 12L, 13 CVE-2023-35683 A-223793631 ID High 11, 12, 12L, 13 CVE-2023-35684 A-280633699 EoP High 11, 12, 12L, 13 CVE-2023-35687 A-245135112 EoP High 11, 12, 12L, 13 Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-35664 A-269270167 ID High 12, 12L, 13 CVE-2023-35676 A-278720336 EoP High 12, 12L, 13 CVE-2023-35681 A-271335899 RCE Critical 13 Change-Id: I73e555113d8be34d38cf17ce387bb7195d34bf0b
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 720c3ee0eb..041fb379d7 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-08-05
+ PLATFORM_SECURITY_PATCH := 2023-09-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 73a363fc3a7a9c1b6dec0f91367e6f449e104968 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Sat, 7 Oct 2023 14:25:45 -0600 Subject: [PATCH 18/20] Bump Security String to 2023-10-06 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-21244 A-276729064 EoP High 11, 12, 12L, 13 CVE-2023-21252 A-275339978 DoS High 11, 12, 12L, 13 CVE-2023-40116 A-270368476 EoP High 11, 12, 12L CVE-2023-40117 A-253043065 EoP High 11, 12, 12L, 13 CVE-2023-40120 A-274775190 EoP High 11, 12, 12L, 13 CVE-2023-40121 A-224771621 ID High 11, 12, 12L, 13 CVE-2023-40123 A-278246904 ID High 11, 12, 12L, 13 CVE-2023-40125 A-279902472 EoP High 11, 12, 12L, 13 CVE-2023-40127 A-262244882 ID High 11, 12, 12L, 13 CVE-2023-40128 A-274231102 EoP High 11, 12, 12L, 13 CVE-2023-40130 A-289809991 EoP High 11, 12, 12L, 13 CVE-2023-40133 A-283264674 ID High 11, 12, 12L, 13 CVE-2023-40135 A-281848557 ID High 11, 12, 12L, 13 CVE-2023-40136 A-281666022 ID High 11, 12, 12L, 13 CVE-2023-40137 A-281665050 ID High 11, 12, 12L, 13 CVE-2023-40138 A-281534749 ID High 11, 12, 12L, 13 CVE-2023-40139 A-281533566 ID High 11, 12, 12L, 13 CVE-2023-40140 A-274058082 EoP High 11, 12, 12L, 13 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2023-4863 A-299477569 RCE Critical 11, 12, 12L, 13 eee262a CVE-2023-21253 A-266580022 DoS High 11, 12, 12L, 13 c6e04b0 CVE-2023-21266 A-223376078 EoP High 11, 12, 12L, 13 0e52101dbc3e CVE-2023-21291 A-277593270 ID High 11, 12, 12L, 13 6d75d088a674 Not Implemented: ======================= None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-40129 A-273874525 RCE Critical 12, 12L, 13 CVE-2023-40131 A-282919145 EoP High 12, 12L, 13 CVE-2023-40134 A-283101289 ID High 12, 12L, 13 Change-Id: Id4164bb314eca243bea55d7c46628d1841521ff0
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 041fb379d7..f0b14c6b62 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-09-05
+ PLATFORM_SECURITY_PATCH := 2023-10-06
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 300a1fe68dbc346ed54c81f82b35c7a0e5b58206 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Sun, 12 Nov 2023 09:45:00 -0700 Subject: [PATCH 19/20] Bump Security String to 2023-11-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-40104 A-284262845 ID High 11, 12, 12L, 13 CVE-2023-40105 A-289549315 ID High 11, 12, 12L, 13, 14 CVE-2023-40106 A-278558814 EoP High 11, 12, 12L, 13, 14 CVE-2023-40109 A-291299076 EoP High 11, 12, 12L, 13, 14 CVE-2023-40100 A-278303745 EoP High 11, 12, 12L, 13, 14 CVE-2023-40110 A-243463593 EoP High 11, 12, 12L, 13, 14 CVE-2023-40112 A-168903843 ID High 11 CVE-2023-40113 A-289242655 ID Critical 11, 12, 12L, 13 CVE-2023-40114 A-243381410 EoP High 11, 12, 12L, 13, 14 CVE-2023-40115 A-285645039 EoP High 11, 12, 12L, 13, 14 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: CVE-2023-21103 A-259064622 DoS High 11, 12, 12L, 13 e14e61d2040c a14b56609 CVE-2023-21111 A-256819769 DoS High 11, 12, 12L, 13 e14e61d2040c a14b56609 CVE-2023-40124 A-272025416 ID High 11, 12, 12L, 13 0888a4551769 Not Implemented: ================ None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-40107 A-287298721 EoP High 12, 12L, 13, 14 CVE-2023-40111 A-272024837 EoP High 14 Change-Id: Ied58d58ed7d81c4b1b7a4319506702ba0773a0d8
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index f0b14c6b62..53cd099f17 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-10-06
+ PLATFORM_SECURITY_PATCH := 2023-11-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH
From 0502b04a3527581455ccb90c912ba7b458f5b4e0 Mon Sep 17 00:00:00 2001
From: "Kevin F. Haggerty" Date: Sun, 10 Dec 2023 21:26:53 -0700 Subject: [PATCH 20/20] Bump Security String to 2023-12-05 Implemented: ============ CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-21267 A-218495634 ID High 11, 12, 12L, 13, 14 CVE-2023-21394 A-296915211 ID High 11, 12, 12L, 13 CVE-2023-35668 A-283962802 ID High 11, 12, 12L, 13 CVE-2023-40073 A-287640400 ID High 11, 12, 12L, 13, 14 CVE-2023-40074 A-247513680 DoS High 11, 12, 12L, 13 CVE-2023-40075 A-281061287 DoS High 11, 12, 12L, 13, 14 CVE-2023-40077 A-298057702 EoP Critical 11, 12, 12L, 13, 14 CVE-2023-40081 A-284297452 ID High 11, 12, 12L, 13, 14 CVE-2023-40084 A-272382770 EoP High 11, 12, 12L, 13, 14 CVE-2023-40087 A-275895309 EoP High 11, 12, 12L, 13, 14 CVE-2023-40088 A-291500341 RCE Critical 11, 12, 12L, 13, 14 CVE-2023-40090 A-274478807 EoP High 11, 12, 12L, 13, 14 CVE-2023-40091 A-283699145 EoP High 11, 12, 12L, 13, 14 CVE-2023-40092 A-288110451 ID High 11, 12, 12L, 13, 14 CVE-2023-40094 A-288896339 EoP High 11, 12, 12L, 13, 14 CVE-2023-40095 A-273729172 EoP High 11, 12, 12L, 13, 14 CVE-2023-40096 A-268724205 EoP High 11, 12, 12L, 13, 14 CVE-2023-40097 A-295334906 EoP High 11, 12, 12L, 13 CVE-2023-45774 A-288113797 EoP High 11, 12, 12L, 13, 14 CVE-2023-45866 A-294854926 EoP Critical 11, 12, 12L, 13, 14 Implemented (Qualcomm components): ================================== CVE: References: Severity: Subcomponent: CVE-2023-28588 A-285902729 High Bluetooth QC-CR#3417458 CVE-2023-33092 A-299146537 High Bluetooth QC-CR#3507292 Previously Implemented: ======================= CVE: References: Type: Severity: Updated AOSP versions: Prior Change: Not Implemented: ================ None Not Applicable (platform source): ================================= CVE: References: Type: Severity: Updated AOSP versions: CVE-2023-40076 A-303835719 ID Critical 14 CVE-2023-40078 A-275626001 EoP High 14 CVE-2023-40079 A-278722815 EoP High 14 CVE-2023-40080 A-275057843 EoP High 13, 14 CVE-2023-40082 
A-290909089 EoP High 14 CVE-2023-40083 A-277590580 ID High 12, 12L, 13, 14 CVE-2023-40089 A-294228721 EoP High 14 CVE-2023-40098 A-288896269 ID High 12, 12L, 13, 14 CVE-2023-40103 A-197260547 EoP High 14 CVE-2023-45773 A-275057847 EoP High 13, 14 CVE-2023-45775 A-275340684 EoP High 14 CVE-2023-45776 A-282234870 EoP High 14 CVE-2023-45777 A-299930871 EoP High 13, 14 CVE-2023-45781 A-275553827 ID High 12, 12L, 13, 14 Change-Id: I4699f12b73b9696a6415fba9958482d52e6be6f7
---
 core/version_defaults.mk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/version_defaults.mk b/core/version_defaults.mk
index 53cd099f17..91bd82431b 100644
--- a/core/version_defaults.mk
+++ b/core/version_defaults.mk
@@ -240,7 +240,7 @@ ifndef PLATFORM_SECURITY_PATCH
 # It must be of the form "YYYY-MM-DD" on production devices.
 # It must match one of the Android Security Patch Level strings of the Public Security Bulletins.
 # If there is no $PLATFORM_SECURITY_PATCH set, keep it empty.
- PLATFORM_SECURITY_PATCH := 2023-11-05
+ PLATFORM_SECURITY_PATCH := 2023-12-05
 endif
 .KATI_READONLY := PLATFORM_SECURITY_PATCH