Replying to Avatar calle

I really enjoy these reports. It would be nice to know when exactly these security holes were patched on stock android though.
Avatar
Final 10mo ago

The Android Security Bulletin tells you of CVEs that get uncovered and patched in Android. They'll also link the commits that patch them.

In this case example only CVE-2024-53104 was patched and it happened this month.

https://source.android.com/docs/security/bulletin/2025-02-01

CVE-2024-53197 and CVE-2024-50302 have been patched upstream in the Linux kernel but have not yet been in Android. It doesn't effect GrapheneOS due to the security features and us updating Linux kernel Generic Kernel Image (GKI) every time there's a new revision rather than Google only doing it quarterly or less and only backporting patches in special cases.

Because of that, many upstream kernel vulnerabilities are available in Android but not GrapheneOS, we talk about that on the site here:

https://grapheneos.org/features#more-complete-patching

Reply to this note

Please Login to reply.

Discussion

Avatar
Final 10mo ago

I talked about CVE-2024-53014 prior here, we patched this vulnerability months prior thanks to earlier and complete kernel patching, appears to be December. We were pretty right on the money with what our assumption this vulnerability was being used for and by who.

nostr:nevent1qqs9ayl7tq5zp0vmhmjysn0q3lq4kyjg59yeeykfrkr9q6c2kyuy5lqpzpmhxue69uhkummnw3ezumt0d5hsyg9e3hk5e6h2ypusm09ncv2qq6fqp8f5clueylpgdq66nxm5sxjuygpsgqqqqqqsxnchny