Published September 3, 2019 | Updated September 12, 2019
The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2019-09-05 or later address all issues in this bulletin and all issues in the September 2019 Android Security Bulletin. To learn how to check a device's security patch level, see Check & update your Android version.
All supported Google devices will receive an update to the 2019-09-05 patch level. We encourage all customers to accept these updates for their devices.
Announcements
In addition to the security vulnerabilities described in the September 2019 Android Security Bulletin, supported Google devices that are updated to Android 10 also contain patches for the security vulnerabilities described in this bulletin. Partners were notified that these issues are addressed in Android 10.
Security patches
The following tables include security patches that are addressed on Pixel devices with Android 10. Vulnerabilities are grouped under the component that they affect. Issues are described in the below tables and include CVE ID, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.
Broadcom components
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2019-9426 | A-110460199* | EoP | Moderate | Bluetooth |
LG components
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2019-9436 | A-127320561* | EoP | Moderate | Bootloader |
| CVE-2019-2191 | A-68770980* | ID | Moderate | Bootloader |
| CVE-2019-2190 | A-68771598* | ID | Moderate | Bootloader |
Kernel components
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2019-9345 | A-27915347* | EoP | High | Kernel |
| CVE-2019-9461 | A-120209610* | ID | High | VPN |
| CVE-2019-9248 | A-120279144* | EoP | Moderate | Touch driver |
| CVE-2019-9270 | A-65123745* | EoP | Moderate | Wi-Fi |
| CVE-2019-2182 | A-128700140 Upstream kernel |
EoP | Moderate | Kernel MMU |
| CVE-2019-9271 | A-69006201* | EoP | Moderate | MNH driver |
| CVE-2019-9273 | A-70241598* | EoP | Moderate | Touch driver |
| CVE-2019-9274 | A-70809925* | EoP | Moderate | MNH driver |
| CVE-2019-9275 | A-71508439* | EoP | Moderate | MNH driver |
| CVE-2019-9276 | A-70294179* | EoP | Moderate | Touch driver |
| CVE-2019-9441 | A-69006882* | EoP | Moderate | MNH driver |
| CVE-2019-9442 | A-69808778* | EoP | Moderate | MNH driver |
| CVE-2019-9443 | A-70896844* | EoP | Moderate | VL53L0 driver |
| CVE-2019-9446 | A-118617506* | EoP | Moderate | Touch driver |
| CVE-2019-9447 | A-119120571 Upstream kernel |
EoP | Moderate | Touch driver |
| CVE-2019-9448 | A-120141999 Upstream kernel |
EoP | Moderate | Touch driver |
| CVE-2019-9450 | A-120141034 Upstream kernel |
EoP | Moderate | Touch driver |
| CVE-2019-9451 | A-120211415 Upstream kernel |
EoP | Moderate | Touch driver |
| CVE-2019-9454 | A-129148475 Upstream kernel |
EoP | Moderate | I2C driver |
| CVE-2019-9456 | A-71362079 Upstream kernel |
EoP | Moderate | USB driver |
| CVE-2019-9457 | A-116716935 Upstream kernel |
EoP | Moderate | Kernel |
| CVE-2019-9458 | A-117989855 Upstream kernel |
EoP | Moderate | Video driver |
| CVE-2019-8912 | A-125367761 Upstream kernel |
EoP | Moderate | Crypto |
| CVE-2018-18397 | A-124036248 Upstream kernel |
EoP | Moderate | Storage |
| CVE-2018-14614 | A-116406552 Upstream kernel |
EoP | Moderate | Storage |
| CVE-2018-1000199 | A-110918800 Upstream kernel |
EoP | Moderate | ptrace |
| CVE-2018-13096 | A-113148557 Upstream kernel |
EoP | Moderate | Storage |
| CVE-2018-5803 | A-112406370 Upstream kernel |
DoS | Moderate | SCTP |
| CVE-2019-2189 | A-112312381 | EoP | Moderate | Image driver |
| CVE-2019-2188 | A-112309571* | EoP | Moderate | Image driver |
| CVE-2017-16939 | A-70521013 Upstream kernel |
EoP | Moderate | Netlink XFRM |
| CVE-2018-20169 | A-120783657 Upstream kernel |
ID | Moderate | USB driver |
| CVE-2019-9245 | A-120491338 Upstream kernel |
ID | Moderate | Storage driver |
| CVE-2019-9444 | A-78597155 Upstream kernel |
ID | Moderate | Storage driver |
| CVE-2019-9445 | A-118153030 Upstream kernel |
ID | Moderate | Storage driver |
| CVE-2019-9449 | A-120141031 Upstream kernel |
ID | Moderate | Touch driver |
| CVE-2019-9452 | A-120211708 Upstream kernel |
ID | Moderate | Touch driver |
| CVE-2019-9453 | A-126558260 Upstream kernel |
ID | Moderate | Storage driver |
| CVE-2019-9455 | A-121035792 Upstream kernel |
ID | Moderate | Video driver |
| CVE-2018-19985 | A-131963918 Upstream kernel |
ID | Moderate | USB driver |
| CVE-2018-20511 | A-123742046 Upstream kernel |
ID | Moderate | nNet/AppleTalk |
| CVE-2018-1000204 | A-113096593 Upstream kernel |
ID | Moderate | Storage |
Qualcomm components
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-14888 | A-70237718 QC-CR#2119729 |
N/A | Moderate | WLAN host |
| CVE-2018-3573 | A-72957667 QC-CR#2124525 |
N/A | Moderate | Bootloader |
| CVE-2017-15844 | A-67749071 QC-CR#2127276 |
N/A | Moderate | Kernel |
| CVE-2018-3574 | A-72957321 QC-CR#2148121 [2] [3] |
N/A | Moderate | Kernel |
| CVE-2018-5861 | A-77527684 QC-CR#2167135 |
N/A | Moderate | Bootloader |
| CVE-2018-11302 | A-109741923 QC-CR#2209355 |
N/A | Moderate | WLAN host |
| CVE-2018-5919 | A-65423852 QC-CR#2213280 |
N/A | Moderate | WLAN host |
| CVE-2018-11818 | A-111127974 QC-CR#2170083 [2] |
N/A | Moderate | MDSS driver |
| CVE-2018-11832 | A-111127793 QC-CR#2212896 |
N/A | Moderate | Kernel |
| CVE-2018-11893 | A-111127990 QC-CR#2231992 |
N/A | Moderate | WLAN host |
| CVE-2018-11919 | A-79217930 QC-CR#2209134 [2] [3] |
N/A | Moderate | Kernel |
| CVE-2018-11939 | A-77237693 QC-CR#2254305 |
N/A | Moderate | WLAN host |
| CVE-2018-11823 | A-112277122 QC-CR#2204519 |
N/A | Moderate | Power |
| CVE-2018-11929 | A-112277631 QC-CR#2231300 |
N/A | Moderate | WLAN host |
| CVE-2018-11943 | A-72117228 QC-CR#2257823 |
N/A | Moderate | Bootloader |
| CVE-2018-11947 | A-112277911 QC-CR#2246110 [2] |
N/A | Moderate | WLAN host |
| CVE-2018-11947 | A-112278406 QC-CR#2272696 |
N/A | Moderate | WLAN host |
| CVE-2018-11942 | A-112278151 QC-CR#2257688 |
N/A | Moderate | WLAN host |
| CVE-2018-11983 | A-80095430 QC-CR#2262576 |
N/A | Moderate | Kernel |
| CVE-2018-11984 | A-80435805 QC-CR#2266693 |
N/A | Moderate | Kernel |
| CVE-2018-11987 | A-70638103 QC-CR#2258691 |
N/A | Moderate | Kernel |
| CVE-2018-11985 | A-114041193 QC-CR#2163851 |
N/A | Moderate | Bootloader |
| CVE-2018-11988 | A-114041748 QC-CR#2172134 [2] |
N/A | Moderate | Kernel |
| CVE-2018-11986 | A-62916765 QC-CR#2266969 |
N/A | Moderate | Camera |
| CVE-2018-12010 | A-62711756 QC-CR#2268386 |
N/A | Moderate | Kernel |
| CVE-2018-12006 | A-77237704 QC-CR#2257685 [2] |
N/A | Moderate | Display |
| CVE-2018-13893 | A-80302295 QC-CR#2291309 [2] |
N/A | Moderate | diag_mask |
| CVE-2018-12011 | A-109697864 QC-CR#2274853 |
N/A | Moderate | Kernel |
| CVE-2018-13912 | A-119053502 QC-CR#2283160 [2] |
N/A | Moderate | Camera |
| CVE-2018-13913 | A-119053530 QC-CR#2286485 [2] |
N/A | Moderate | Display |
| CVE-2018-3564 | A-119052383 QC-CR#2225279 |
N/A | Moderate | DSP services |
| CVE-2019-2248 | A-122474006 QC-CR#2328906 |
N/A | Moderate | Display |
| CVE-2019-2277 | A-127512945 QC-CR#2342812 |
N/A | Moderate | WLAN host |
| CVE-2019-2263 | A-116024809 QC-CR#2076623 |
N/A | Moderate | Kernel |
| CVE-2019-2345 | A-110849476 QC-CR#2115578 |
N/A | Moderate | Camera |
| CVE-2019-2306 | A-115907574 QC-CR#2337383 [2] |
N/A | Moderate | Display |
| CVE-2019-2299 | A-117988970 QC-CR#2243169 |
N/A | Moderate | WLAN host |
| CVE-2019-2312 | A-117885392 QC-CR#2341890 |
N/A | Moderate | WLAN host |
| CVE-2019-2314 | A-120028144 QC-CR#2357704 |
N/A | Moderate | Display |
| CVE-2019-2314 | A-120029095 QC-CR#2357704 |
N/A | Moderate | Display |
| CVE-2019-2302 | A-130565935 QC-CR#2300516 |
N/A | Moderate | WLAN host |
| CVE-2019-10506 | A-117885703 QC-CR#2252793 |
N/A | Moderate | WLAN host |
| CVE-2018-13890 | A-111274306 QC-CR#2288818 |
N/A | Moderate | WLAN host |
| CVE-2019-10507 | A-132170503 QC-CR#2253396 |
N/A | Moderate | WLAN host |
| CVE-2019-10508 | A-132173922 QC-CR#2288818 |
N/A | Moderate | WLAN host |
| CVE-2019-2284 | A-132173427 QC-CR#2358765 |
N/A | Moderate | Camera |
| CVE-2019-2333 | A-132171964 QC-CR#2381014 [2] [3] |
N/A | Moderate | Kernel |
| CVE-2019-2341 | A-132172264 QC-CR#2389324 [2] |
N/A | Moderate | Audio |
| CVE-2019-10497 | A-132173298 QC-CR#2395102 |
N/A | Moderate | Audio |
| CVE-2019-10542 | A-134440623 QC-CR#2359884 |
N/A | Moderate | WLAN host |
| CVE-2019-10502 | A-134441002 QC-CR#2401297 [2] [3] |
N/A | Moderate | Camera |
| CVE-2019-10528 | A-63528466 QC-CR#2133028 [2] |
N/A | Moderate | Kernel |
| CVE-2018-11825 | A-117985523 QC-CR#2205722 |
N/A | Moderate | WLAN host |
| CVE-2019-10565 | A-129275872 QC-CR#2213706 |
N/A | Moderate | Camera |
Qualcomm closed-source components
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2018-11899 | A-69383398* | N/A | Moderate | Closed-source component |
| CVE-2019-2298 | A-118897119* | N/A | Moderate | Closed-source component |
| CVE-2019-2281 | A-129765896* | N/A | Moderate | Closed-source component |
| CVE-2019-2343 | A-130566880* | N/A | Moderate | Closed-source component |
Functional patches
Please see this post for a description of features included with Android 10.
Common questions and answers
This section answers common questions that may occur after reading this bulletin.
1. How do I determine if my device is updated to address these issues?
Security patch levels of 2019-09-05 or later address all issues associated with the 2019-09-05 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Google device update schedule.
2. What do the entries in the Type column mean?
Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
| Abbreviation | Definition |
|---|---|
| RCE | Remote code execution |
| EoP | Elevation of privilege |
| ID | Information disclosure |
| DoS | Denial of service |
| N/A | Classification not available |
3. What do the entries in the References column mean?
Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.
| Prefix | Reference |
|---|---|
| A- | Android bug ID |
| QC- | Qualcomm reference number |
| M- | MediaTek reference number |
| N- | NVIDIA reference number |
| B- | Broadcom reference number |
4. What does an * next to the Android bug ID in the References column mean?
Issues that are not publicly available have an * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.
5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?
Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin are not required for declaring a security patch level.
Versions
| Version | Date | Notes |
|---|---|---|
| 1.0 | September 3, 2019 | Bulletin published. |
| 1.1 | September 12, 2019 | Bulletin updated. |