Went to 3/11 one time. Yep checked out correctly.
Is it always at the same point that you got the error?
basically product_b 2/11 ?
If yes, then it could be that the image you downloaded is corrupted.
Always check the CRC to be certain.
If you still have the image, you can check the crc
I'm sure you have checked but have to ask, are you on the latest platform tools?
Went to 3/11 one time. Yep checked out correctly.
Tried going back to the October image since it worked then and was the last one I had loaded.. same problem.
Tried pixelflasher with both also. same error.
yes and reboot.
I'm sure you have checked but have to ask, are you on the latest platform tools?
Have you tried PC reboot in case there are other processes interfering, straining the system.
are you using Tap Tap?
More info on my issue with my phone not entering deep sleep. Usf_queue and usfsensorhalworker are the 2 wakelocks keeping my phone awake according to BBS
13.0.0 (TQ1A.230105.002, Jan 2023) | Flash | Link | 924ad4baa13f6611a85bf3d1b2f26f8f61e4e90230b7b69618208323e47a94bb |
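The integrity check suggested earlier in the thread can be run against the checksum column of a download row like the one above. This is an added example, not part of the original posts: it assumes the 64-hex-digit value in the row is the SHA-256 of the image zip, and `parse_image_row`, `sha256_file` and `verify_image` are names made up here.

```python
import hashlib
import re

# Row copied from the download table quoted on this page.
PAGE_ROW = ("13.0.0 (TQ1A.230105.002, Jan 2023) | Flash | Link | "
            "924ad4baa13f6611a85bf3d1b2f26f8f61e4e90230b7b69618208323e47a94bb |")

# "(BUILD, Mon YYYY[, carrier])" followed, in the last cell, by 64 hex digits.
ROW_RE = re.compile(
    r"\((?P<build>[A-Z0-9]+\.\d{6}\.\d{3}(?:\.[A-Z0-9]+)?),[^)]*\)"
    r".*?\|\s*(?P<digest>[0-9a-fA-F]{64})\s*\|?\s*$"
)


def parse_image_row(row):
    """Return (build_id, lowercase_hex_digest) from one download-table row."""
    m = ROW_RE.search(row.strip())
    if m is None:
        raise ValueError("row has no build ID followed by a 64-hex-digit checksum")
    return m.group("build"), m.group("digest").lower()


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in 1 MiB chunks so a multi-gigabyte image is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path, row):
    """Compare the file's SHA-256 with the checksum published in the row."""
    build, expected = parse_image_row(row)
    actual = sha256_file(path)
    return {"build": build, "expected": expected, "actual": actual,
            "match": actual == expected}


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: verify_image.py <downloaded-image.zip>")
    result = verify_image(sys.argv[1], PAGE_ROW)
    print(result["build"], "OK" if result["match"] else "MISMATCH: do not flash")
    sys.exit(0 if result["match"] else 1)
```

A mismatch means the download is truncated or altered and should be fetched again before any flashing attempt.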
Android Security Bulletin—January 2023
Published January 3, 2022
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-01-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.
Android partners are notified of all issues at least a month before publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.
The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.
Note: Information on the latest over-the-air update (OTA) and firmware images for Google devices is available in the January 2023 Pixel Update Bulletin.
Android and Google service mitigations
This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.
- Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
- The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.
2023-01-01 security patch level vulnerability details
In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-01-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.
Framework
The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2022-20456 | A-242703780 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2022-20489 | A-242703460 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2022-20490 | A-242703505 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2022-20492 | A-242704043 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2022-20493 | A-242846316 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2023-20912 | A-246301995 | EoP | High | 13 |
| CVE-2023-20916 | A-229256049 | EoP | High | 12, 12L |
| CVE-2023-20918 | A-243794108 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2023-20919 | A-252663068 | EoP | High | 13 |
| CVE-2023-20920 | A-204584366 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2023-20921 | A-243378132 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2022-20494 | A-243794204 | DoS | High | 10, 11, 12, 12L, 13 |
| CVE-2023-20908 | A-239415861 | DoS | High | 10, 11, 12, 12L, 13 |
| CVE-2023-20922 | A-237291548 | DoS | High | 11, 12, 12L, 13 |

System
The most severe vulnerability in this section could lead to local escalation of privilege of BLE with no additional execution privileges needed.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2022-20461 | A-228602963 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2023-20904 | A-246300272 | EoP | High | 12L, 13 |
| CVE-2023-20905 | A-241387741 | EoP | High | 10 |
| CVE-2023-20913 | A-246933785 | EoP | High | 10, 11, 12, 12L, 13 |
| CVE-2023-20915 | A-246930197 | EoP | High | 10, 11, 12, 12L, 13 |

Google Play system updates
The following issues are included in Project Mainline components.
| Subcomponent | CVE |
|---|---|
| MediaProvider | CVE-2023-20912 |

2023-01-05 security patch level vulnerability details
In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-01-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.
Kernel
The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed.
| CVE | References | Type | Severity | Subcomponent |
|---|---|---|---|---|
| CVE-2022-42719 | A-253642087 Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] | RCE | Critical | mac80211 |
| CVE-2022-42720 | A-253642015 Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] | RCE | Critical | WLAN |
| CVE-2022-42721 | A-253642088 Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] | RCE | Critical | Multiple Modules |
| CVE-2022-2959 | A-244395411 Upstream kernel | EoP | High | Pipe |

Kernel components
The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed.
| CVE | References | Type | Severity | Subcomponent |
|---|---|---|---|---|
| CVE-2022-41674 | A-253641805 Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] | RCE | Critical | WLAN |
| CVE-2023-20928 | A-254837884 Upstream kernel | EoP | High | Binder driver |

Kernel LTS
The following kernel versions have been updated. Kernel version updates are dependent on the version of Android OS at the time of device launch.
| References | Android Launch Version | Kernel Launch Version | Minimum Launch Version |
|---|---|---|---|
| A-224575820 | 12 | 5.10 | 5.10.101 |

Imagination Technologies
This vulnerability affects Imagination Technologies components and further details are available directly from Imagination Technologies. The severity assessment of this issue is provided directly by Imagination Technologies.
| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2022-20235 | A-259967780 * | High | PowerVR-GPU |

MediaTek components
These vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek.
| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2022-32635 | A-257714327 M-ALPS07573237 * | High | gps |
| CVE-2022-32636 | A-257846591 M-ALPS07510064 * | High | keyinstall |
| CVE-2022-32637 | A-257860658 M-ALPS07491374 * | High | hevc decoder |

Unisoc components
These vulnerabilities affect Unisoc components and further details are available directly from Unisoc. The severity assessment of these issues is provided directly by Unisoc.
| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2022-44425 | A-258731891 U-2028856 * | High | Kernel |
| CVE-2022-44426 | A-258728978 U-2028856 * | High | Kernel |
| CVE-2022-44427 | A-258736883 U-1888565 * | High | Kernel |
| CVE-2022-44428 | A-258741356 U-1888565 * | High | Kernel |
| CVE-2022-44429 | A-258743555 U-1981296 * | High | Kernel |
| CVE-2022-44430 | A-258749708 U-1888565 * | High | Kernel |
| CVE-2022-44431 | A-258741360 U-1981296 * | High | Kernel |
| CVE-2022-44432 | A-258743558 U-1981296 * | High | Kernel |
| CVE-2022-44434 | A-258760518 U-2064988 * | High | Android |
| CVE-2022-44435 | A-258759189 U-2064988 * | High | Android |
| CVE-2022-44436 | A-258760519 U-2064988 * | High | Android |
| CVE-2022-44437 | A-258759192 U-2064988 * | High | Android |
| CVE-2022-44438 | A-258760781 U-2064988 * | High | Android |

Qualcomm components
These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2022-22088 | A-231156521 QC-CR#3052411 | Critical | Bluetooth |
| CVE-2022-33255 | A-250627529 QC-CR#3212699 | High | Bluetooth |

Qualcomm closed-source components
These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
| CVE | References | Severity | Subcomponent |
|---|---|---|---|
| CVE-2021-35097 | A-209469821 * | Critical | Closed-source component |
| CVE-2021-35113 | A-209469998 * | Critical | Closed-source component |
| CVE-2021-35134 | A-213239776 * | Critical | Closed-source component |
| CVE-2022-23960 | A-238203772 * | High | Closed-source component |
| CVE-2022-25725 | A-238101314 * | High | Closed-source component |
| CVE-2022-25746 | A-238106983 * | High | Closed-source component |
| CVE-2022-33252 | A-250627159 * | High | Closed-source component |
| CVE-2022-33253 | A-250627591 * | High | Closed-source component |
| CVE-2022-33266 | A-250627569 * | High | Closed-source component |
| CVE-2022-33274 | A-250627236 * | High | Closed-source component |
| CVE-2022-33276 | A-250627271 * | High | Closed-source component |
| CVE-2022-33283 | A-250627602 * | High | Closed-source component |
| CVE-2022-33284 | A-250627218 * | High | Closed-source component |
| CVE-2022-33285 | A-250627435 * | High | Closed-source component |
| CVE-2022-33286 | A-250627240 * | High | Closed-source component |

Common questions and answers
This section answers common questions that may occur after reading this bulletin.
1. How do I determine if my device is updated to address these issues?
To learn how to check a device's security patch level, see Check and update your Android version.
- Security patch levels of 2023-01-01 or later address all issues associated with the 2023-01-01 security patch level.
- Security patch levels of 2023-01-05 or later address all issues associated with the 2023-01-05 security patch level and all previous patch levels.
Device manufacturers that include these updates should set the patch string level to:
- [ro.build.version.security_patch]:[2023-01-01]
- [ro.build.version.security_patch]:[2023-01-05]
For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-01-01 security patch level. Please see this article for more details on how to install security updates.
2. Why does this bulletin have two security patch levels?
This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.
Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.
- Devices that use the 2023-01-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
- Devices that use the security patch level of 2023-01-05 or newer must include all applicable patches in this (and previous) security bulletins.
3. What do the entries in the Type column mean?
Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
| Abbreviation | Definition |
|---|---|
| RCE | Remote code execution |
| EoP | Elevation of privilege |
| ID | Information disclosure |
| DoS | Denial of service |
| N/A | Classification not available |

4. What do the entries in the References column mean?
Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

| Prefix | Reference |
|---|---|
| A- | Android bug ID |
| QC- | Qualcomm reference number |
| M- | MediaTek reference number |
| N- | NVIDIA reference number |
| B- | Broadcom reference number |
| U- | UNISOC reference number |

5. What does an * next to the Android bug ID in the References column mean?
Issues that are not publicly available have an * next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.
6. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?
Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.
Versions
| Version | Date | Notes |
|---|---|---|
| 1.0 | January 3, 2022 | Bulletin Published |
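Question 1 of the bulletin ties each patch level to a value of `ro.build.version.security_patch`. The following added example (not from the bulletin or the thread) reads that property from `getprop` output and reports, for the January and March 2023 bulletins quoted on this page, whether a device covers the partial (-01) level, the complete (-05) level, or neither. The function names and the sample output are constructed for illustration.

```python
import re
from datetime import date

# Patch levels named in the two bulletins on this page:
# (partial "-01" level, complete "-05" level).
BULLETIN_LEVELS = {
    "2023-01": (date(2023, 1, 1), date(2023, 1, 5)),
    "2023-03": (date(2023, 3, 1), date(2023, 3, 5)),
}

# The bulletin prints the property as [key]:[value]; `adb shell getprop`
# puts a space after the colon, so whitespace there is optional.
PATCH_PROP_RE = re.compile(
    r"^\[ro\.build\.version\.security_patch\]:\s*\[(\d{4})-(\d{2})-(\d{2})\]\s*$",
    re.MULTILINE,
)

# Constructed sample of getprop output (not captured from a real device).
SAMPLE_GETPROP = """\
[ro.build.id]: [TQ1A.230105.002]
[ro.build.version.release]: [13]
[ro.build.version.security_patch]: [2023-01-05]
"""


def device_patch_level(getprop_output):
    """Extract the security patch level as a date from getprop text."""
    m = PATCH_PROP_RE.search(getprop_output)
    if m is None:
        raise ValueError("ro.build.version.security_patch not found")
    year, month, day = (int(g) for g in m.groups())
    return date(year, month, day)  # ValueError on an impossible date


def bulletin_coverage(level, bulletin):
    """Classify a device level against one bulletin's two patch levels.

    "complete": level is the -05 date or later (all issues in the bulletin)
    "partial":  level is the -01 date or later (only the -01 issues)
    "missing":  level predates the bulletin
    """
    partial, complete = BULLETIN_LEVELS[bulletin]
    if level >= complete:
        return "complete"
    if level >= partial:
        return "partial"
    return "missing"


def report(getprop_output):
    """Return {bulletin: coverage} for every bulletin listed above."""
    level = device_patch_level(getprop_output)
    return {b: bulletin_coverage(level, b) for b in BULLETIN_LEVELS}


if __name__ == "__main__":
    for bulletin, status in report(SAMPLE_GETPROP).items():
        print(bulletin, status)
```

A "partial" result is the case the bulletin's second question describes: the framework and system fixes are present, but the kernel and vendor fixes listed under the -05 level are not guaranteed.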
Kush M.
Community Manager•Original Poster
Google Pixel Update - January 2023
Announcement
Hello Pixel Community,
We have provided the monthly software update for January 2023. All supported Pixel devices running Android 13 will receive these software updates starting today. The rollout will continue over the next few weeks in phases depending on carrier and device. Users will receive a notification once the OTA becomes available for their device. We encourage you to check your Android version and update to receive the latest software.
Details of this month’s security fixes can be found on the Android Security Bulletin: https://source.android.com/security/bulletin
This update also includes support for static spatial audio, which will provide surround sound for any connected headset. Another update will roll out to Pixel Buds Pro in the coming weeks that will enable spatial audio with head tracking.
Thanks,
Google Pixel Support Team
Software versions
Global
- Pixel 4a: TQ1A.230105.001
- Pixel 4a (5G): TQ1A.230105.001
- Pixel 5: TQ1A.230105.001
- Pixel 5a (5G): TQ1A.230105.001
- Pixel 6: TQ1A.230105.002
- Pixel 6 Pro: TQ1A.230105.002
- Pixel 6a: TQ1A.230105.001.A2
- Pixel 7: TQ1A.230105.001.A2
- Pixel 7 Pro: TQ1A.230105.002
Canada
- Pixel 4a: TQ1A.230105.001.B1
Telstra (AU)
- Pixel 7: TQ1A.230105.001.A3
- Pixel 7 Pro: TQ1A.230105.002.A1
What’s included
The January 2023 update includes bug fixes and improvements for Pixel users – see below for details.
Audio
- Add support for Spatial Audio with certain devices and accessories *[1]
Biometrics
- Additional improvements for fingerprint recognition and response in certain conditions *[2]
Bluetooth
- Fix for issue occasionally preventing certain Bluetooth Low Energy devices or accessories from pairing or reconnecting
- Fix for issue preventing audio from playing over certain headphones or accessories while connected in certain conditions
Camera
- Fix for issue occasionally causing captured photos to appear corrupted or distorted while zoomed in *[3]
Display & Graphics
- Fix for issue occasionally preventing display from waking or appearing turned off while device is powered on *[3]
User Interface
- Fix for issue occasionally causing UI to display in landscape layout while device is held in portrait mode
---------------------------------------------------------------
Device Applicability
Fixes are available for all supported Pixel devices unless otherwise indicated below.
*[1] Included on Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro
*[2] Included on Pixel 6a, Pixel 7
*[3] Included on Pixel 7, Pixel 7 Pro
Still haven't got the update. Pushed to my phone on this. Pixel 6 Pro unlocked bought from Google on att. I heard there are problems with T-Mobile and mvno using T-Mobile but I haven't got it yet either.
If my Pixel 6 Pro works in slot A and is Android 13, I don't know whether slot B is Android 12, so can I cover slot B through an OTA update (13) to avoid the above problems? (translated from Google)
Kush M.
Community Manager•Original Poster
8 min. ago
Google Pixel Update - February 2023
Announcement
Hello Pixel Community,
We have provided the monthly software update for February 2023. All supported Pixel devices running Android 13 will receive these software updates starting today. The rollout will continue over the next week in phases depending on carrier and device. Users will receive a notification once the OTA becomes available for their device. We encourage you to check your Android version and update to receive the latest software.
Details of this month’s security fixes can be found on the Android Security Bulletin: https://source.android.com/security/bulletin
Thanks,
Google Pixel Support Team
Software versions
Global
- Pixel 4a: TQ1A.230205.002
- Pixel 4a (5G): TQ1A.230205.002
- Pixel 5: TQ1A.230205.002
- Pixel 5a (5G): TQ1A.230205.002
- Pixel 6: TQ1A.230205.002
- Pixel 6 Pro: TQ1A.230205.002
- Pixel 6a: TQ1A.230205.002
- Pixel 7: TQ1A.230205.002
- Pixel 7 Pro: TQ1A.230205.002
Canada
- Pixel 4a: TQ1A.230205.001.B2
Telstra (AU)
- Pixel 7: TQ1A.230205.001.A2
- Pixel 7 Pro: TQ1A.230205.001.A2
T-Mobile, Google Fi (US)
- Pixel 4a (5G): TQ1A.230205.001.D2
- Pixel 5: TQ1A.230205.001.D2
- Pixel 5a (5G): TQ1A.230205.001.D2
- Pixel 6: TQ1A.230205.001.D2
- Pixel 6 Pro: TQ1A.230205.001.D2
- Pixel 6a: TQ1A.230205.001.D2
- Pixel 7: TQ1A.230205.001.D2
- Pixel 7 Pro: TQ1A.230205.001.D2
What’s included
The February 2023 update includes bug fixes and improvements for Pixel users – see below for details.
Accessibility
- Fix for issue preventing touch interaction with Braille keyboard in certain conditions
Audio
- Fix for issue occasionally causing instability while Clear Calling is enabled in certain conditions *[1]
Bluetooth
- Fix for issue occasionally preventing connection with certain Bluetooth devices or accessories
Framework
- Fix for issue occasionally preventing Work profile calendar information from updating in the background
---------------------------------------------------------------
Device Applicability
Fixes are available for all supported Pixel devices unless otherwise indicated below.
*[1] Included on Pixel 7, Pixel 7 Pro
Changelog doesn't mention the fastbootd issue (268872725), so it may not be ok to use the new release for flashing factory images.
SDK Platform Tools release notes | Android Developers
Android SDK Platform-Tools is a component for... developer.android.com
Anyone know if it's ok to upgrade with this release?
Also, the download links are downloading SDK Platform-tools rev. 34.0.0 not rev. 34.0.1.
The download links there are still to the 34.0.0 version as well. Confirmed it's the same zip file, still today.
My mistake. I just checked the link.
Anyone that updated their platform tools and needs to downgrade can use these links.
Windows
Mac
Linux
34.0.1 (March 2023)
- adb
- macOS: Reverted "unstable connectivity (MacBook high speed cable)" resolution due to adb install hang (issue #270205252).
- fastboot
- Windows: Fixed "mke2fs: Illegal or malformed device name while trying to determine filesystem size" error introduced in Platform tools 34.0.0 (issue #271039230).
13.0.0 (TQ2A.230305.008.E1, Mar 2023) | Flash | Link | def2deefd33b1d70f9d800cb297cf6a8437b73d959cf531300ee40b924c3d369 |
13.0.0 (TQ2A.230305.008.F1, Mar 2023, WINDTRE/Canada) | Flash | Link | 0d60c5da557bba63a78d6c5c10e22c4d0f8399a1a0e29451571567cfb6cb506c |
Kush M.
Community Manager•Original Poster
40 min. ago
Google Pixel Update - March 2023
Announcement
Hello Pixel Community,
We have provided the monthly software update for March 2023. All supported Pixel devices running Android 13 will receive these software updates starting today. The rollout will continue over the next few weeks in phases depending on carrier and device. Users will receive a notification once the OTA becomes available for their device. We encourage you to check your Android version and update to receive the latest software.
Details of this month’s security fixes can be found on the Android Security Bulletin: https://source.android.com/security/bulletin
Thanks,
Google Pixel Support Team
Software versions
Global
- Pixel 4a: TQ2A.230305.008.C1
- Pixel 4a (5G): TQ2A.230305.008.C1
- Pixel 5: TQ2A.230305.008.C1
- Pixel 5a (5G): TQ2A.230305.008.C1
- Pixel 7: TQ2A.230305.008
- Pixel 7 Pro: TQ2A.230305.008.C1
T-Mobile & MVNOs, Google Fi (US)
- Pixel 4a (5G): TQ2A.230305.008.A3
- Pixel 5: TQ2A.230305.008.A3
- Pixel 5a (5G): TQ2A.230305.008.A3
Canada
- Pixel 7: TQ2A.230305.008.A1
- Pixel 7 Pro: TQ2A.230305.008.A3
WINDTRE (Italy)
- Pixel 7: TQ2A.230305.008.A1
- Pixel 7 Pro: TQ2A.230305.008.A3
What’s included
In addition to new features, the March 2023 software update for Pixel devices includes several fixes and improvements across several areas, including device stability, connectivity, performance and more – see below for some notable improvements.
Apps
- Fix for issue causing Live Translate feature to prompt for translation too frequently in certain apps *[1]
- Fix for issue occasionally keeping display on while certain app activities are active
- Fix for issue occasionally preventing screenshots from being captured in certain apps
- Fix for issue occasionally preventing Wallpaper & style settings to open
Battery & Charging
- Fix for issue occasionally causing app-specific battery restriction settings to be reset after a software update
- Fix for issue occasionally preventing Battery Share from charging certain devices or accessories *[2]
- General improvements for charging, battery usage or performance in certain conditions *[1]
- General improvements for wireless charging stability or performance in certain conditions *[2]
Biometrics
- Additional improvements for fingerprint recognition and response in certain conditions *[1]
Bluetooth
- Fix for issue occasionally preventing Android Auto to connect wirelessly with certain vehicle head units
- Improvements for connection stability with certain Bluetooth LE headsets or accessories
Camera
- General improvements for camera stability and performance in certain conditions *[1]
- Improvements for color accuracy or exposure level while using the front camera in certain conditions *[3]
Display & Graphics
- Fix for issue occasionally causing display flicker or artifacts in certain apps or conditions *[1]
- Fix for issue occasionally causing instability or playback errors with certain media apps or content *[1]
- Fix for issue occasionally causing video preview to flicker in certain apps *[1]
Framework
- Fix for issue occasionally preventing keyboard from displaying in certain apps or conditions
Sensors
- Additional tuning for haptics intensity and response in certain conditions *[4]
- General improvements for adaptive brightness response in certain conditions
System
- Fix for issue preventing device bootloader from being unlocked in certain conditions *[4]
- Fix for issue preventing device from booting to Android in certain conditions *[4]
- General improvements for system stability and performance in certain conditions
- Kernel updates to 4.14.295 *[5], 4.19.261 *[6], 5.10.149 *[1]
Telephony
- General improvements for network connection stability and performance in certain conditions
Touch
- General improvements for touch response and performance in certain conditions *[3]
User Interface
- Fix for issue causing certain on-device search results to launch apps in work profile
- Fix for issue causing certain text entries in Battery Usage settings to overlap each other while scrolling
- Fix for issue causing home screen UI to appear blurred in certain conditions
- Fix for issue causing lag or delay with switching between apps while third-party launcher apps are in use
- Fix for issue occasionally causing inner launcher icons to appear clipped after closing a folder
- Fix for issue occasionally causing input text to overlap inside search bar
- Fix for issue occasionally causing media player notification to appear cut off or trimmed
- Fix for issue occasionally causing navigation UI to display over Assistant interface
- Fix for issue occasionally causing notification drawer to appear empty or blank
- Fix for issue occasionally causing Overview screen panels to display over home screen
- Fix for issue occasionally causing Quick Settings tiles to be activated while menu is not pulled down
- Fix for issue occasionally causing screen unlock to overlap with notifications, home screen or other UI elements
- Fix for issue occasionally causing silent mode icon to appear hidden or missing from status bar
- Fix for issue occasionally preventing app icon size to scale correctly when changing display size
- Fix for issue occasionally preventing screenshot sharing or editing to work when tapping overlay buttons
- Fix for issue preventing haptic feedback when interacting with notification drawer in certain conditions
- General improvements for performance in certain UI transitions and animations
- Improvements for home screen icon behavior when switching between different grid sizes
- Improvements for status bar layout and response in certain device orientations
Wi-Fi
- General improvements for Wi-Fi network connection stability & performance in certain conditions
- Improvements for connection stability with certain Wi-Fi 6E-capable routers or networks *[1]
---------------------------------------------------------------
Device Applicability
Fixes are available for all supported Pixel devices unless otherwise indicated below.
*[1] Included on Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro
*[2] Included on Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro
*[3] Included on Pixel 7, Pixel 7 Pro
*[4] Included on Pixel 6a
*[5] Included on Pixel 4a
*[6] Included on Pixel 4a (5G), Pixel 5, Pixel 5a (5G)
Android Security Bulletin—March 2023
Published March 6, 2023 | Updated March 8, 2023
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.
Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.
The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.
Android and Google service mitigations
This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.
- Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
- The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.
2023-03-01 security patch level vulnerability details
In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-03-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.
Framework
The most severe vulnerability in this section could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2023-20906 | A-221040577 | EoP | High | 11, 12, 12L, 13 |
| CVE-2023-20911 | A-242537498 | EoP | High | 11, 12, 12L, 13 |
| CVE-2023-20917 | A-242605257 [2] | EoP | High | 11, 12, 12L, 13 |
| CVE-2023-20947 | A-237405974 | EoP | High | 12, 12L, 13 |
| CVE-2023-20963 | A-220302519 | EoP | High | 11, 12, 12L, 13 |
| CVE-2023-20956 | A-240140929 | ID | High | 12, 12L, 13 |
| CVE-2023-20958 | A-254803162 | ID | High | 13 |
| CVE-2023-20964 | A-238177121 [2] | DoS | High | 12, 12L, 13 |

System
The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2023-20951 | A-258652631 | RCE | Critical | 11, 12, 12L, 13 |
| CVE-2023-20954 | A-261867748 | RCE | Critical | 11, 12, 12L, 13 |
| CVE-2023-20926 | A-253043058 | EoP | High | 12, 12L, 13 |
| CVE-2023-20931 | A-242535997 | EoP | High | 11, 12, 12L, 13 |
| CVE-2023-20936 | A-226927612 | EoP | High | 11, 12, 12L, 13 |
| CVE-2023-20953 | A-251778420 | EoP | High | 13 |
| CVE-2023-20955 | A-258653813 | EoP | High | 11, 12, 12L, 13 |
| CVE-2023-20957 | A-258422561 | EoP | High | 11, 12, 12L |
| CVE-2023-20959 | A-249057848 | EoP | High | 13 |
| CVE-2023-20960 | A-250589026 [2] [3] | EoP | High | 12L, 13 |
| CVE-2023-20966 | A-242299736 | EoP | High | 11, 12, 12L, 13 |
| CVE-2022-4452 | A-251802307 | ID | High | 13 |
| CVE-2022-20467 | A-225880741 | ID | High | 11, 12, 12L, 13 |
| CVE-2023-20929 | A-234442700 | ID | High | 13 |
| CVE-2023-20952 | A-186803518 | ID | High | 11, 12, 12L, 13 |
| CVE-2023-20962 | A-256590210 | ID | High | 13 |
| CVE-2022-20499 | A-246539931 | DoS | High | 12, 12L, 13 |
| CVE-2023-20910 | A-245299920 | DoS | High | 11, 12, 12L, 13 |

Google Play system updates
The following issues are included in Project Mainline components.
Subcomponent | CVE
Media Codecs | CVE-2023-20956
Permission Controller | CVE-2023-20947
Tethering | CVE-2023-20929
WiFi | CVE-2022-20499, CVE-2023-20910
2023-03-05 security patch level vulnerability details
In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-03-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.
Kernel
The vulnerability in this section could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE | References | Type | Severity | Subcomponent
CVE-2021-33655 | A-240019719 Upstream kernel [2] [3] | EoP | High | Frame Buffer
MediaTek components
These vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek.
CVE | References | Severity | Subcomponent
CVE-2023-20620 | A-264149248 M-ALPS07554558 * | High | adsp
CVE-2023-20621 | A-264208866 M-ALPS07664755 * | High | tinysys
CVE-2023-20623 | A-264209787 M-ALPS07559778 * | High | ion
Unisoc components
These vulnerabilities affect Unisoc components and further details are available directly from Unisoc. The severity assessment of these issues is provided directly by Unisoc.
CVE | References | Severity | Subcomponent
CVE-2022-47459 | A-264598465 U-2032124 * | High | Kernel
CVE-2022-47461 | A-264834026 U-2066617 * | High | system
CVE-2022-47462 | A-264834568 U-2066754 * | High | system
CVE-2022-47460 | A-264831217 U-2044606 * | High | Kernel
Qualcomm components
These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVE | References | Severity | Subcomponent
CVE-2022-22075 | A-193434313 QC-CR#3129138 QC-CR#3112398 [2] [3] | High | Display
CVE-2022-40537 | A-261468700 QC-CR#3278869 [2] [3] [4] | High | Bluetooth
CVE-2022-40540 | A-261470730 QC-CR#3280498 | High | Kernel
Qualcomm closed-source components
These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
CVE | References | Severity | Subcomponent
CVE-2022-33213 | A-238106224 * | Critical | Closed-source component
CVE-2022-33256 | A-245402790 * | Critical | Closed-source component
CVE-2022-25655 | A-261469326 * | High | Closed-source component
CVE-2022-25694 | A-235102547 * | High | Closed-source component
CVE-2022-25705 | A-235102507 * | High | Closed-source component
CVE-2022-25709 | A-235102420 * | High | Closed-source component
CVE-2022-33242 | A-245402503 * | High | Closed-source component
CVE-2022-33244 | A-245402728 * | High | Closed-source component
CVE-2022-33250 | A-245403450 * | High | Closed-source component
CVE-2022-33254 | A-245403473 * | High | Closed-source component
CVE-2022-33272 | A-245403311 * | High | Closed-source component
CVE-2022-33278 | A-245402730 * | High | Closed-source component
CVE-2022-33309 | A-261468683 * | High | Closed-source component
CVE-2022-40515 | A-261469638 * | High | Closed-source component
CVE-2022-40527 | A-261470448 * | High | Closed-source component
CVE-2022-40530 | A-261471028 * | High | Closed-source component
CVE-2022-40531 | A-261469091 * | High | Closed-source component
CVE-2022-40535 | A-261470732 * | High | Closed-source component
Common questions and answers
This section answers common questions that may occur after reading this bulletin.
1. How do I determine if my device is updated to address these issues?
To learn how to check a device's security patch level, see Check and update your Android version.
- Security patch levels of 2023-03-01 or later address all issues associated with the 2023-03-01 security patch level.
- Security patch levels of 2023-03-05 or later address all issues associated with the 2023-03-05 security patch level and all previous patch levels.
Device manufacturers that include these updates should set the patch string level to:
- [ro.build.version.security_patch]:[2023-03-01]
- [ro.build.version.security_patch]:[2023-03-05]
For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-03-01 security patch level. Please see this article for more details on how to install security updates.
2. Why does this bulletin have two security patch levels?
This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.
Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.
- Devices that use the 2023-03-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
- Devices that use the security patch level of 2023-03-05 or newer must include all applicable patches in this (and previous) security bulletins.
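The rules in questions 1 and 2 can be applied mechanically to property dumps collected from a set of devices. The following Python code is an added example, not part of the bulletin: it parses getprop-style lines, reads ro.build.version.security_patch, and reports which of this bulletin's two patch levels each device declares. The function names, device names and sample dumps are constructed for illustration.

```python
import re
from datetime import date

# The two patch levels this bulletin defines (values taken from the page).
LEVEL_01 = date(2023, 3, 1)   # Framework, System, Google Play system updates
LEVEL_05 = date(2023, 3, 5)   # adds Kernel and vendor component issues

PATCH_PROP = "ro.build.version.security_patch"
# Matches "[key]:[value]" as printed in the bulletin and "[key]: [value]"
# as printed by getprop on a device.
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[([^\]]*)\]$")
ISO_DAY = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_getprop(text):
    """Return a dict of the properties found in getprop-style output."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def patch_level(props):
    """Return the declared patch level as a date, or None if absent/malformed."""
    match = ISO_DAY.match(props.get(PATCH_PROP, "").strip())
    if not match:
        return None
    try:
        return date(*map(int, match.groups()))
    except ValueError:          # e.g. 2023-13-40
        return None


def classify(level):
    """Map a patch level onto what this bulletin says it covers."""
    if level is None:
        return "unknown"
    if level >= LEVEL_05:
        return "all issues in this bulletin"
    if level >= LEVEL_01:
        return "2023-03-01 issues only"
    return "predates this bulletin"


def audit(dumps):
    """dumps: {device_name: getprop_text} -> {device_name: (level, verdict)}."""
    report = {}
    for name, text in dumps.items():
        level = patch_level(parse_getprop(text))
        report[name] = (level.isoformat() if level else None, classify(level))
    return report


# Constructed sample input: device names and property dumps are invented.
SAMPLE_DUMPS = {
    "lab-phone-1": "[ro.build.version.sdk]: [33]\n"
                   "[ro.build.version.security_patch]: [2023-03-05]\n",
    "lab-phone-2": "[ro.build.version.security_patch]:[2023-03-01]\n",
    "lab-phone-3": "[ro.build.version.security_patch]: [2023-01-05]\n",
    "lab-phone-4": "[ro.build.version.security_patch]: [March 2023]\n",
    "lab-phone-5": "[ro.build.version.sdk]: [33]\n",
}

if __name__ == "__main__":
    for device, (level, verdict) in audit(SAMPLE_DUMPS).items():
        print(f"{device}: {level or 'n/a'} -> {verdict}")
```

A missing or malformed property is reported as "unknown" rather than being treated as patched, so such devices surface for manual review.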
3. What do the entries in the Type column mean?
Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
Abbreviation | Definition
RCE | Remote code execution
EoP | Elevation of privilege
ID | Information disclosure
DoS | Denial of service
N/A | Classification not available
4. What do the entries in the References column mean?
Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.
Prefix | Reference
A- | Android bug ID
QC- | Qualcomm reference number
M- | MediaTek reference number
N- | NVIDIA reference number
B- | Broadcom reference number
U- | UNISOC reference number
5. What does an * next to the Android bug ID in the References column mean?
Issues that are not publicly available have an * next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.
6. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?
Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.
Versions
Version | Date | Notes
1.0 | March 6, 2023 | Bulletin Published
1.1 | March 8, 2023 | Bulletin revised to include AOSP links
Developer Support Android images
if you want to find them.
fastboot reboot bootloader
after and then fastboot --set-active=other
to change slots in order to flash Android 13 to the new slot, but IF you have Android 13 on one slot and still have Android 12 (including Android 12 bootloader) on the other slot and you try to fully boot into Android 12, you will be permanently bricked and have to seek repair from Google. No one has yet found a way to repair this on our own. I will update if there is any progress. At least a small handful, and probably more, people have done this already.
fastboot flash bootloader --slot all bootloader-devicename-slider-1.2-3456789.img
(change the name of the bootloader file to the one for your device), then you *should* be much safer than without doing that first. Also note that the bootloader is NOT the same as boot.img (kernel). The bootloader image file has "bootloader" in the filename.
Note that this is mainly for the officially listed "Unlocked" Pixel 6 Pro, available directly from the Google Store. All of this will also apply to any other (carrier-specific) variant of the Pixel 6 Pro which you can achieve an unlocked bootloader on. This includes T-Mobile and AT&T variants. It's likely Verizon variants will never be able to unlock their bootloader, or if so it will require paying the right person to do so.
Feel free to ask about general questions, but for anything that's specific to your variant, you should use one of the other already existing threads. You'll find Verizon, AT&T, and T-Mobile-related threads in those respective search results.
Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device.
Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, your local bank's app, or even the ability to install some apps like Netflix. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12
If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it.
There are no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. You will also continue to receive updates (if you've merely unlocked the bootloader, you can take updates as normal) unlike Samsung, Sony, et cetera, which have permanent major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to manually update each month, and to keep root/re-root.
All posts about Google Pay or banking will be reported to be deleted. Please keep this thread on-topic. There are at least one or two other How To Guide threads in this section in which folks discuss how to get around banking app restrictions when you're rooted or just have an unlocked bootloader. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12
If users persist in discussing banking apps in this thread, I will have this thread locked and only update this first post when there is new and updated information regarding the subjects of the title of the thread: Unlocking the Pixel 6 Pro bootloader, rooting, and TWRP. See @Pekempy's thread Working SafetyNet with Pixel 6 Pro Android 12
Honorable mention to @Jawomo's aodNotify - Notification Light / LED for Pixel 6 Pro! (XDA link) / Notification light / LED for Pixel - aodNotify (Play Store link), which in my opinion restores useful functionality missing in most phones these days. It also solves some subjective issues some folks have with AOD (Always On Display), and/or solves/works around the problem where AOD is required for the optical fingerprint reader to work without the screen being on.
OEM unlocking in developer options needs to be toggled on. I don't "believe" you have to actually do the "fastboot flashing unlock" command.
- You'll need this if you're going to unlock the bootloader on your Pixel 6 Pro: SDK Platform Tools (download links for Windows, Mac, and Linux). Note that you can find links to download the tools elsewhere, but I wouldn't trust them - you never know if they've been modified. Even if the person providing the link didn't do anything intentionally, the tools could be modified without them being aware. Why take a chance of putting your phone security further at risk?
- You can alternately use the tools from the SDK Manager, but most of us will want to stick to the basic tools-only without the complications of the full development manager.
- For Windows, get Google's drivers here: Get the Google USB Driver (ADB will likely work while the phone is fully booted, but if you're like me, you'll need these drivers for after you "adb reboot-bootloader", to be able to use ADB and Fastboot).
- Thanks to @96carboard for posting the details of unlocking the bootloader, be sure to thank him in his post. Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device. Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, or your local bank's app. If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it. My experience on my Pixel 1 was that there were no negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that the bootloader is unlocked. All of this should still be the case. You will also continue to receive updates. Unlike Samsung, Sony, et cetera, which have major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to keep root/re-root.
The unlock process works like this:
1) Take brand new fresh phone out of box. Do NOT put sim card in it, just power it on (you can put a SIM card if you want, you just don't have to).
2) When it starts harassing you to join Google, hit "skip" and "remind me tomorrow" as applicable until you reach home screen. YOU DO NOT need to plug in a google account.
3) Settings --> About --> Build number. Repeatedly tap it until it says you're a developer.
4) Back --> Network --> WiFi and connect it.
5) Back --> System --> Developer --> OEM unlocking (check), USB debugging (check), plug in USB, authorize on the phone when requested.
Using the Platform Tools previously mentioned in command line/terminal:
6) # adb reboot-bootloader
7) # fastboot flashing unlock
Now that you've unlocked it, it has been wiped, so repeat 1-4, then disable all the google spyware, and go ahead and start using it while waiting for aosp and root.
Official Instructions for Locking/Unlocking the Bootloader
Personally, I would always use the official drivers Google provides unless they just don't work for whatever reason: Get the Google USB Driver (this is for Windows). They work for me. They are rarely updated, but they are every once in a great while, sometimes years in-between.
I agree with this. Be careful using drivers or adb/fastboot tools. Some are fine, but there's no need for it really anymore. Google has made it very easy to install drivers and Platform-Tools (adb/fastboot tool).
Google provides the Fastboot/ADB tool (Platform-Tools) and Google USB Drivers (adb/fastboot interface). This will allow any Pixel to interface with Windows using the fastboot/adb protocol. Official Google USB Driver includes support for both the Fastboot and ADB driver interface. There are 3 main drivers (Fastboot, ADB and MTP/Portable File Transfer). The MTP/Portable File Transfer driver is built-in to Windows 7-11.
Fastboot/ADB Driver Interface - Official Download Link:
When flashing a full image or unlocking your bootloader, the fastboot interface is being used.
First Download official Google USB Drivers (it's a zip file). Extract the zip (important!). Right-click on the android_winusb.inf file and hit install. You can then restart your phone to the Bootloader Screen (hold vol-down while it restarts or turns on). When you plug in your phone, Windows Device Manager will show a new device at the top: Android Device: Android Bootloader Interface.
Using the ADB interface: It's the same driver. Enable USB Debugging on your phone, then plug it in to your computer. A prompt will appear on your phone (to allow USB Debugging). The driver in Device Manager will appear as Android Device: Android Composite ADB interface.
Now you can download and use Platform-Tools to flash an Android Image, OTA or run adb/fastboot commands.
Official Download Page
"Android SDK Platform-Tools is a component for the Android SDK. It includes tools that interface with the Android platform, such as adb, fastboot, and systrace"
It's best to make Platform-Tools available system-wide. Download Platform-Tools from the above link and extract it to your C:\ drive - that way you will have a folder to add to the PATH Environment under Windows System Properties Menu, Advanced, Environment Variables, System Variables, PATH (google how to do this, very easy). What this does is allow adb/fastboot commands to be run from anywhere in the system, so you don't have to be in the platform-tools folder to run adb/fastboot commands and flash an Android Image (Official or Android Fork such as ProtonAOSP).
@V0latyle posted a new thread with some very important and fascinating information about the increased difficulty to root Android 12: Read this before rooting. Be sure to thank him there.
I would guess that this should be the appropriate URL for official TWRP custom recovery for the Pixel 6 Pro, but who knows when/if that will actually be made available, and it may become available unofficially in these forum sections before being made official. I'll adjust this URL as needed. https://twrp.me/google/googlepixel6pro.html.
@Freak07's Kirisakura-Kernel for the Pixel 6 Pro (and possibly the Pixel 6)
@DespairFactor's Despair Kernel (I believe also for both the P6P and P6)
@tbalden's CleanSlate Kernel
@acuicultor's Radioactive Kernel
It's also handy to have the full official firmware available, whether it's to recover from accidents or for actual development. Note the official link to the general Factory Images for Nexus and Pixel Devices page. The following link goes directly to the Pixel 6 Pro (Raven) section: Pixel 6 Pro Factory Images. I prefer to actually bookmark a link to the device listed immediately below the device I want the firmware for, because Google dumbly (in my opinion) puts the latest firmware at the bottom of the list for each particular device, and that ends up making you scroll a lot after a year or two of monthly updates.
Note: You can still get the December 2021 Factory Images and OTA from this thread, if you need them for any reason: Alternate links to December - all full factory images and OTAs available
Back to modding!
- Use the latest Magisk Stable (in my case, I keep the app "hidden" / renamed)
- Used the full firmware zip, extracted to the same folder as the latest Platform Tools (S:\platform-tools)
- Extracted the new boot.img
- Copied new boot.img to the phone
- Patched the new boot.img with Magisk Stable
- Renamed Magisk'd boot.img so I know what version of firmware it's for
- Copied the Magisk'd boot.img back to the computer
- Disabled all my Magisk Modules
- Removed the "-w " from the flash-all.bat
- Re-edited the flash-all.bat to verify I saved it with the "-w " taken out
- Open a Command Prompt, navigated to S:\platform-tools
- adb reboot bootloader
- flash-all.bat
- Let phone boot, unlock it, check that it's working, allow the update process to finish (gave it five minutes or so)
- adb reboot bootloader
- fastboot flash boot kernel.img (renamed Magisk'd boot.img)
- fastboot reboot
- Unlock, check everything's working
- Re-enabled the most basic Magisk Modules which I was sure wouldn't cause a critical issue
- Reboot, unlock, made sure everything's working
I may append these first four posts with further useful information or links as needed.
33.0.1 (March 2022)
- adb
- Fixes Windows mdns crashes.
- Fixes enable-verity/disable-verity on old devices.
- Fixes "install multiple" on old devices
- Improves the help output to include all supported compression methods.
I'm less concerned about the steps/commands as I am with how you updated (auto OTA, sideload, factory image), whether you booted to Android 13, and what happened when you rolled back (I assume using the factory image)
Used a factory image and booted into Android 13. Auto OTA and a sideload of the full OTA will end in the same result as both use update_engine. I did boot into Android 13 so the ARB counter did get incremented.