Pixel Update Bulletin—June 2023

Published June 13, 2023

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2023-06-05 or later address all issues in this bulletin and all issues in the June 2023 Android Security Bulletin. To learn how to check a device's security patch level, see Check and update your Android version.

All supported Google devices will receive an update to the 2023-06-05 patch level. We encourage all customers to accept these updates to their devices.

Announcements

  • In addition to the security vulnerabilities described in the June 2023 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below.

Security patches

Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

Framework

CVE References Type Severity Updated AOSP versions
CVE-2023-20971 A-225880325 EoP Moderate 13
CVE-2023-21171 A-261085213 EoP Moderate 13
CVE-2023-21189 A-213942596 EoP Moderate 13
CVE-2023-21192 A-227207653 EoP Moderate 13
CVE-2023-21168 A-253270285 ID Moderate 13
CVE-2023-21177 A-273906410 ID Moderate 13
CVE-2023-21178 A-140762419 ID Moderate 13
CVE-2023-21193 A-233006499 ID Moderate 13
CVE-2023-21237 A-251586912 ID Moderate 13
CVE-2023-21167 A-259942964 DoS Moderate 13

System

CVE References Type Severity Updated AOSP versions
CVE-2023-20975 A-250573776 EoP Moderate 13
CVE-2023-20976 A-216117246 EoP Moderate 13
CVE-2023-20985 A-245915315 EoP Moderate 13
CVE-2023-21172 A-262243015 EoP Moderate 13
CVE-2023-21174 A-235822222 EoP Moderate 13
CVE-2023-21175 A-262243574 EoP Moderate 13
CVE-2023-21179 A-272755865 EoP Moderate 13
CVE-2023-21183 A-235863754 EoP Moderate 13
CVE-2023-21184 A-267809568 EoP Moderate 13
CVE-2023-21185 A-266700762 EoP Moderate 13
CVE-2023-21187 A-246542917 EoP Moderate 13
CVE-2023-21191 A-269738057 EoP Moderate 13
CVE-2023-21203 A-262246082 EoP Moderate 13
CVE-2023-21207 A-262236670 EoP Moderate 13
CVE-2023-21209 A-262236273 EoP Moderate 13
CVE-2023-20968 A-262235935 ID Moderate 13
CVE-2023-20972 A-255304665 ID Moderate 13
CVE-2023-20973 A-260568245 ID Moderate 13
CVE-2023-20974 A-260078907 ID Moderate 13
CVE-2023-20977 A-254445952 ID Moderate 13
CVE-2023-20979 A-259939364 ID Moderate 13
CVE-2023-20980 A-260230274 ID Moderate 13
CVE-2023-20981 A-256165737 ID Moderate 13
CVE-2023-20982 A-260568083 ID Moderate 13
CVE-2023-20983 A-260569449 ID Moderate 13
CVE-2023-20984 A-242993878 ID Moderate 13
CVE-2023-20986 A-255304475 ID Moderate 13
CVE-2023-20987 A-260569414 ID Moderate 13
CVE-2023-20988 A-260569232 ID Moderate 13
CVE-2023-20989 A-260568367 ID Moderate 13
CVE-2023-20990 A-260568354 ID Moderate 13
CVE-2023-20991 A-255305114 ID Moderate 13
CVE-2023-20992 A-260568750 ID Moderate 13
CVE-2023-21027 A-216854451 ID Moderate 13
CVE-2023-21031 A-242688355 ID Moderate 13
CVE-2023-21169 A-274443441 ID Moderate 13
CVE-2023-21170 A-252764410 ID Moderate 13
CVE-2023-21173 A-262741858 ID Moderate 13
CVE-2023-21180 A-261365944 ID Moderate 13
CVE-2023-21181 A-264880969 ID Moderate 13
CVE-2023-21182 A-252764175 ID Moderate 13
CVE-2023-21188 A-264624283 ID Moderate 13
CVE-2023-21190 A-251436534 ID Moderate 13
CVE-2023-21194 A-260079141 ID Moderate 13
CVE-2023-21195 A-233879420 ID Moderate 13
CVE-2023-21196 A-261857395 ID Moderate 13
CVE-2023-21197 A-251427561 ID Moderate 13
CVE-2023-21198 A-245517503 ID Moderate 13
CVE-2023-21199 A-254445961 ID Moderate 13
CVE-2023-21200 A-236688764 ID Moderate 13
CVE-2023-21202 A-260568359 ID Moderate 13
CVE-2023-21204 A-262246231 ID Moderate 13
CVE-2023-21205 A-262245376 ID Moderate 13
CVE-2023-21206 A-262245630 ID Moderate 13
CVE-2023-21208 A-262245254 ID Moderate 13
CVE-2023-21210 A-262236331 ID Moderate 13
CVE-2023-21211 A-262235998 ID Moderate 13
CVE-2023-21212 A-262236031 ID Moderate 13
CVE-2023-21213 A-262235951 ID Moderate 13
CVE-2023-21214 A-262235736 ID Moderate 13
CVE-2023-21176 A-222287335 DoS Moderate 13
CVE-2023-21186 A-261079188 DoS Moderate 13
CVE-2023-21201 A-263545186 DoS Moderate 13

Pixel

CVE References Type Severity Subcomponent
CVE-2023-21066 A-250100597 * RCE Critical exynos-slsi
CVE-2023-21225 A-270403821 * EoP High Protected Confirmation
CVE-2022-39901 A-263783333 * ID High Lassen Baseband
CVE-2023-21219 A-264698379 * ID High exynos-slsi
CVE-2023-21220 A-264590585 * ID High exynos-slsi
CVE-2023-21226 A-240728187 * ID High modem
CVE-2023-21146 A-239867994 * EoP Moderate LWIS
CVE-2023-21147 A-269661912 * EoP Moderate Pixel camera driver
CVE-2023-21149 A-270050709 * EoP Moderate ShannonRcs
CVE-2023-21151 A-265149414 * EoP Moderate Google BMS Module
CVE-2023-21153 A-264259730 * EoP Moderate rild_exynos
CVE-2023-21157 A-263783137 * EoP Moderate exynos-ril
CVE-2023-21159 A-263783565 * EoP Moderate exynos-ril
CVE-2023-21161 A-263783702 * EoP Moderate exynos-ril
CVE-2023-21222 A-266977723 * EoP Moderate libdmc
CVE-2023-21236 A-270148537 * EoP Moderate aoc_core device driver
CVE-2023-21148 A-263783657 * ID Moderate exynos RIL
CVE-2023-21150 A-267312009 * ID Moderate audio service
CVE-2023-21152 A-269174022 * ID Moderate android.hardware.camera.provider
CVE-2023-21154 A-263783910 * ID Moderate rild_exynos
CVE-2023-21155 A-264540700 * ID Moderate libsitril
CVE-2023-21156 A-264540759 * ID Moderate rild_exynos
CVE-2023-21158 A-263783635 * ID Moderate exynos-ril
CVE-2023-21160 A-263784118 * ID Moderate exynos-ril
CVE-2023-21223 A-256047000 * ID Moderate Exynos SLSI
CVE-2023-21224 A-265276966 * ID Moderate exynos-slsi

Qualcomm components

CVE References Severity Subcomponent
CVE-2022-33303
A-261492548
QC-CR#3181878 [2] [3] [4] [5] [6] [7] [8] [9]
Moderate Kernel

Qualcomm closed-source components

CVE References Severity Subcomponent
CVE-2022-33224
A-261492743 * Moderate Closed-source component
CVE-2022-33226
A-261492388 * Moderate Closed-source component
CVE-2022-33227
A-261492566 * Moderate Closed-source component
CVE-2022-33230
A-261492641 * Moderate Closed-source component
CVE-2022-33240
A-261492550 * Moderate Closed-source component
CVE-2022-33263
A-261492485 * Moderate Closed-source component
CVE-2022-33267
A-238893635 * Moderate Closed-source component

Functional patches

For details on the new bug fixes and functional patches included in this release, refer to the Pixel Community forum.

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

Security patch levels of 2023-06-05 or later address all issues associated with the 2023-06-05 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Google device update schedule.

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

Abbreviation Definition
RCE Remote code execution
EoP Elevation of privilege
ID Information disclosure
DoS Denial of service
N/A Classification not available

3. What do the entries in the References column mean?

Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

Prefix Reference
A- Android bug ID
QC- Qualcomm reference number
M- MediaTek reference number
N- NVIDIA reference number
B- Broadcom reference number
U- UNISOC reference number

4. What does an * next to the Android bug ID in the References column mean?

Issues that are not publicly available have an * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?

Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.

Versions

Version Date Notes
1.0 June 13, 2023 Bulletin Published