Final on Nostr: The Android Security Bulletin tells you of CVEs that get uncovered and patched in ...
The Android Security Bulletin tells you of CVEs that get uncovered and patched in Android. They'll also link the commits that patch them.
In this case example only CVE-2024-53104 was patched and it happened this month.
https://source.android.com/docs/security/bulletin/2025-02-01
CVE-2024-53197 and CVE-2024-50302 have been patched upstream in the Linux kernel but have not yet been in Android. It doesn't effect GrapheneOS due to the security features and us updating Linux kernel Generic Kernel Image (GKI) every time there's a new revision rather than Google only doing it quarterly or less and only backporting patches in special cases.
Because of that, many upstream kernel vulnerabilities are available in Android but not GrapheneOS, we talk about that on the site here:
https://grapheneos.org/features#more-complete-patching
In this case example only CVE-2024-53104 was patched and it happened this month.
https://source.android.com/docs/security/bulletin/2025-02-01
CVE-2024-53197 and CVE-2024-50302 have been patched upstream in the Linux kernel but have not yet been in Android. It doesn't effect GrapheneOS due to the security features and us updating Linux kernel Generic Kernel Image (GKI) every time there's a new revision rather than Google only doing it quarterly or less and only backporting patches in special cases.
Because of that, many upstream kernel vulnerabilities are available in Android but not GrapheneOS, we talk about that on the site here:
https://grapheneos.org/features#more-complete-patching