自 2025 年 3 月 27 日起,我们建议您使用 android-latest-release
而非 aosp-main
构建 AOSP 并为其做出贡献。如需了解详情,请参阅 AOSP 的变更。
Pixel 更新公告 - 2019 年 10 月
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
发布时间:2019 年 10 月 7 日 | 更新时间:2020 年 6 月 29 日
本 Pixel 更新公告详细介绍了会影响受支持的 Pixel 设备(以下简称 Google 设备)的安全漏洞和功能改进。对于 Google 设备,如果安全补丁程序级别是 2019-10-05 或更新,则意味着已解决本公告以及 2019 年 10 月的 Android 安全公告中所述的所有问题。如需了解如何查看设备的安全补丁级别,请参阅查看并更新 Android 版本。
所有受支持的 Google 设备都将会收到 2019-10-05 补丁级别的更新。建议所有用户都在自己的设备上接受这些更新。
通告
- Pixel 1 和 Pixel 2 设备将在 10 月更新期间收到 CVE-2019-2215 补丁程序。Pixel 3 和 Pixel 3a 设备不会受到此问题的影响。
- 除了 2019 年 10 月的 Android 安全公告中所述的安全漏洞外,Google 设备中还包含针对下述安全漏洞的补丁程序。在适用情况下,合作伙伴在至少一个月前就已收到关于这些问题的通知,并可以选择将针对这些问题的补丁程序纳入到其设备更新中。
安全补丁
漏洞按照其影响的组件进行分类,内容包括问题描述和一个表,该表中包含 CVE、相关参考编号、漏洞类型、严重程度和已更新的 Android 开源项目 (AOSP) 版本(若有)。如果有解决相应问题的公开更改记录(例如 AOSP 代码更改列表),我们会将 bug ID 链接到该记录。如果某个 bug 有多条相关的代码更改记录,我们还会通过 bug ID 后面的数字链接到更多参考内容。
框架
CVE |
参考编号 |
类型 |
严重程度 |
组件 |
CVE-2019-2183 |
A-136261465 |
ID |
高 |
RegisteredServicesCache |
Qualcomm 组件
功能补丁程序
我们针对受影响的 Google 设备纳入了以下更新,以解决与 Google 设备的安全性无关的功能问题。下表中包含相关参考编号、受影响的类别(例如蓝牙或移动数据网络)、改进功能以及受影响设备。
参考编号 |
类别 |
改进 |
设备 |
A-138482990 |
连接 |
改进了 WLAN 稳定性 |
Pixel、Pixel XL、Pixel 2、Pixel 2 XL、Pixel 3、Pixel 3 XL、Pixel 3a、Pixel 3a XL |
A-139096431 |
Pixel Stand |
修复了在 Pixel Stand 模式下漏掉通知的问题 |
Pixel 3、Pixel 3 XL |
A-140632869 |
传感器 |
改进了传感器校准 |
Pixel 3、Pixel 3 XL |
A-140111727 |
系统 |
改进了系统稳定性 |
Pixel、Pixel XL、Pixel 2、Pixel 2 XL、Pixel 3、Pixel 3 XL、Pixel 3a、Pixel 3a XL |
A-138323667 |
界面 |
修复了界面内存不足的问题 |
Pixel、Pixel XL、Pixel 2、Pixel 2 XL、Pixel 3、Pixel 3 XL、Pixel 3a、Pixel 3a XL |
A-138775282 |
界面 |
修复了漏掉浮动通知的问题 |
Pixel、Pixel XL、Pixel 2、Pixel 2 XL、Pixel 3、Pixel 3 XL、Pixel 3a、Pixel 3a XL |
A-138881088 |
界面 |
改进了手势导航的稳定性 |
Pixel、Pixel XL、Pixel 2、Pixel 2 XL、Pixel 3、Pixel 3 XL、Pixel 3a、Pixel 3a XL |
A-140197723 |
界面 |
修复了特定设备语言区域模式下的循环启动问题 |
Pixel、Pixel XL、Pixel 2、Pixel 2 XL、Pixel 3、Pixel 3 XL、Pixel 3a、Pixel 3a XL |
常见问题和解答
这一部分解答了用户在阅读本公告后可能会提出的常见问题。
1. 如何确定我的设备是否已通过更新解决这些问题?
如果安全补丁级别是 2019-10-05 或更新,则意味着已解决 2019-10-05 以及之前的所有安全补丁级别涵盖的所有问题。若要了解如何查看设备的安全补丁级别,请参阅 Google 设备更新时间表中的说明。
2. “类型”列中的条目表示什么意思?
在漏洞详情表内,“类型”列中的条目是安全漏洞的分类。
缩写词 |
定义 |
RCE |
远程代码执行 |
EoP |
提权 |
ID |
信息披露 |
DoS |
拒绝服务攻击 |
N/A |
没有分类 |
3. “参考编号”列中的条目表示什么意思?
在漏洞详情表内,“参考编号”列中的条目可能包含用于标识参考编号值所属组织的前缀。
前缀 |
参考编号 |
A- |
Android bug ID |
QC- |
Qualcomm 参考编号 |
M- |
MediaTek 参考编号 |
N- |
NVIDIA 参考编号 |
B- |
Broadcom 参考编号 |
4. 在“参考编号”列中,Android bug ID 旁边的 * 表示什么意思?
如果问题尚未公开发布,则在“参考编号”列中,相应 Android bug ID 旁边会显示 *。Google Developers 网站上针对 Pixel 设备的最新二进制驱动程序中通常包含用于解决相应问题的更新。
5. 为什么要将安全漏洞拆分到本公告和 Android 安全公告中?
若要声明 Android 设备的最新安全补丁级别,必须修复 Android 安全公告中记录的安全漏洞。但在声明安全补丁级别时,并不是必须要修复其他安全漏洞(如本公告中记录的漏洞)。
版本
版本 |
日期 |
备注 |
1.0 |
2019 年 10 月 7 日 |
发布了本公告。 |
1.1 |
2020 年 6 月 29 日 |
修改了 CVE 表格。 |
本页面上的内容和代码示例受内容许可部分所述许可的限制。Java 和 OpenJDK 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-08-08。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["没有我需要的信息","missingTheInformationINeed","thumb-down"],["太复杂/步骤太多","tooComplicatedTooManySteps","thumb-down"],["内容需要更新","outOfDate","thumb-down"],["翻译问题","translationIssue","thumb-down"],["示例/代码问题","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-08。"],[],[],null,["# Pixel Update Bulletin—October 2019\n\n*Published October 7, 2019 \\| Updated June 29, 2020*\n\nThe Pixel Update Bulletin contains details of security vulnerabilities and\nfunctional improvements affecting [supported\nPixel devices](https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices) (Google devices). For Google devices, security patch levels of\n2019-10-05 or later address all issues in this bulletin and all issues in the\nOctober 2019 Android Security Bulletin. To learn how to check a device's\nsecurity patch level, see\n[Check \\& update\nyour Android version](https://support.google.com/pixelphone/answer/4457705).\n\nAll supported Google devices will receive an update to the 2019-10-05 patch\nlevel. We encourage all customers to accept these updates for their devices.\n| **Note:** The Google device firmware images are available on the [Google\n| Developer site](https://developers.google.com/android/images).\n\nAnnouncements\n-------------\n\n- Pixel 1 and Pixel 2 devices will receive the patch for CVE-2019-2215 as part of the October update. Pixel 3 and Pixel 3a devices are not vulnerable to this issue.\n- In addition to the security vulnerabilities described in the October 2019 Android Security Bulletin, Google devices also contain patches for the security vulnerabilities described below. When applicable, partners were notified of these issues at least a month ago and may choose to incorporate them as part of their device updates.\n\nSecurity patches\n----------------\n\nVulnerabilities are grouped under the component that they affect. There is a\ndescription of the issue and a table with the CVE, associated references, [type of vulnerability](#type), [severity](/security/overview/updates-resources#severity),\nand updated Android Open Source Project (AOSP) versions (where applicable). When\navailable, we link the public change that addressed the issue to the bug ID,\nlike the AOSP change list. When multiple changes relate to a single bug,\nadditional references are linked to numbers following the bug ID.\n\n### Framework\n\n| CVE | References | Type | Severity | Component |\n|---------------|---------------------------------------------------------------------------------------------------------------------|------|----------|-------------------------|\n| CVE-2019-2183 | [A-136261465](https://android.googlesource.com/platform/frameworks/base/+/40431ae1bc29906590cc9fdb03a71e4d2f3a7fe9) | ID | High | RegisteredServicesCache |\n\n### Qualcomm components\n\n| CVE | References | Type | Severity | Component |\n|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------|----------|-----------|\n| CVE-2018-11934 | A-73173201 [QC-CR#2237661](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dcecfdf44c8526930771b4150caebfc9cd6cc3f5) | N/A | Moderate | WLAN host |\n| CVE-2019-2247 | A-122475456 [QC-CR#2328472](https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit?id=b4137f32616e7c8db12a84014cfa3bcb884c65b9) | N/A | Moderate | Kernel |\n| CVE-2019-2297 | A-117937358 [QC-CR#2205722](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=e5c289648f5454d7aaa3e8967f158cb0d31943ea) | N/A | Moderate | WLAN host |\n| CVE-2019-10563 | A-136501612 [QC-CR#2213655](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=468ffaac90d93623bbc2f8f6743c4e4e0b9a53f5) | N/A | Moderate | WLAN host |\n| CVE-2019-10566 | A-112432329 [QC-CR#2312995](https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=561e3ed2aec2b6425b89e732e5479106bc696950) | N/A | Moderate | WLAN host |\n\nFunctional patches\n------------------\n\nThese updates are included for affected Google devices to address\nfunctionality issues not related to the security of Google devices. The table\nincludes associated references; the affected category, such as Bluetooth or\nmobile data; improvements; and affected devices.\n\n| References | Category | Improvements | Devices |\n|-------------|--------------|---------------------------------------------------|----------------------------------------------------------------------------------|\n| A-138482990 | Connectivity | Wi-Fi stability improvements | Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL |\n| A-139096431 | Pixel Stand | Fix for missing notifications in Pixel Stand mode | Pixel 3, Pixel 3 XL |\n| A-140632869 | Sensors | Sensor calibration improvements | Pixel 3, Pixel 3 XL |\n| A-140111727 | System | System stability improvements | Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL |\n| A-138323667 | UI | Fix for memory drain in UI | Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL |\n| A-138775282 | UI | Fix for missing heads-up notifications | Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL |\n| A-138881088 | UI | Gesture navigation stability improvements | Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL |\n| A-140197723 | UI | Fix for bootloop in certain device locale modes | Pixel, Pixel XL, Pixel 2, Pixel 2 XL, Pixel 3, Pixel 3 XL, Pixel 3a, Pixel 3a XL |\n\nCommon questions and answers\n----------------------------\n\n\nThis section answers common questions that may occur after reading this\nbulletin.\n\n\n**1. How do I determine if my device is updated to address these issues?**\n\nSecurity patch levels of 2019-10-05 or later address all issues associated\nwith the 2019-10-05 security patch level and all previous patch levels. To learn\nhow to check a device's security patch level, read the instructions on the [Google device update schedule](https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices).\n\n\n**2. What do the entries in the *Type* column mean?**\n\nEntries in the *Type* column of the vulnerability details table\nreference the classification of the security vulnerability.\n\n| Abbreviation | Definition |\n|--------------|------------------------------|\n| RCE | Remote code execution |\n| EoP | Elevation of privilege |\n| ID | Information disclosure |\n| DoS | Denial of service |\n| N/A | Classification not available |\n\n\n**3. What do the entries in the *References* column mean?**\n\nEntries under the *References* column of the vulnerability details\ntable may contain a prefix identifying the organization to which the reference\nvalue belongs.\n\n| Prefix | Reference |\n|--------|---------------------------|\n| A- | Android bug ID |\n| QC- | Qualcomm reference number |\n| M- | MediaTek reference number |\n| N- | NVIDIA reference number |\n| B- | Broadcom reference number |\n\n\n**4. What does an \\* next to the Android bug ID in the *References*\ncolumn mean?**\n\nIssues that are not publicly available have an \\* next to the Android bug ID\nin the *References* column. The update for that issue is generally\ncontained in the latest binary drivers for Pixel devices available from the\n[Google Developer site](https://developers.google.com/android/drivers).\n\n\n**5. Why are security vulnerabilities split between this bulletin and the\nAndroid Security Bulletins?**\n\nSecurity vulnerabilities that are documented in the Android Security\nBulletins are required to declare the latest security patch level on Android\ndevices. Additional security vulnerabilities, such as those documented in this\nbulletin are not required for declaring a security patch level.\n\nVersions\n--------\n\n| Version | Date | Notes |\n|---------|-----------------|---------------------|\n| 1.0 | October 7, 2019 | Bulletin published. |\n| 1.1 | June 29, 2020 | Revised CVE table. |"]]