8
0

GrapheneOS version 2026050900 released

1mon 5d ago by toast.ooo/u/cm0002 in grapheneos@discuss.tchncs.de from grapheneos.org

Tags:

  • 2026050900 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, Pixel 10a, emulator, generic, other targets)

Changes since the 2026050700 release:

  • fix for an upstream Broadcom Wi-Fi bcm4383 driver memory corruption bug to avoid invalid memory accesses caught by the kernel hardware memory tagging enabled by GrapheneOS (the May 2026 Wi-Fi firmware + kernel driver update introduced this issue for the Pixel 8a and Pixel 9a)
  • backport Broadcom Wi-Fi bcm4383 driver changes from CP21.260330.008 (Android 17 Beta 4) to avoid invalid memory accesses (this didn't end up resolving the hardware memory tagging crashes introduced in the May 2026 Pixel update but we kept this to fix additional issues)
  • disable buggy upstream IStatusBarNotificationHolder optimization via the upstream feature flag (no_sbnholder) due to it causing occasional system_server crashes from sending overly large Binder transactions

All of the Android 16 security patches from the current June 2026, July 2026, August 2026, September 2026, October 2026 and November 2026 Android Security Bulletins are included in the 2026050901 security preview release. List of additional fixed CVEs:

  • Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044, CVE-2026-0051, CVE-2026-0052, CVE-2026-0080, CVE-2026-0097, CVE-2026-21352, CVE-2026-21353, CVE-2026-27280, CVE-2026-28590, CVE-2026-28591, CVE-2026-28604
  • High: CVE-2025-22424, CVE-2025-22426, CVE-2025-48600, CVE-2025-48612, CVE-2026-0008, CVE-2026-0016, CVE-2026-0036, CVE-2026-0048, CVE-2026-0050, CVE-2026-0053, CVE-2026-0054, CVE-2026-0055, CVE-2026-0056, CVE-2026-0059, CVE-2026-0060, CVE-2026-0061, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0067, CVE-2026-0070, CVE-2026-0074, CVE-2026-0075, CVE-2026-0076, CVE-2026-0077, CVE-2026-0078, CVE-2026-0079, CVE-2026-0084, CVE-2026-0085, CVE-2026-0086, CVE-2026-0087, CVE-2026-0088, CVE-2026-0089, CVE-2026-0091, CVE-2026-0093, CVE-2026-0094, CVE-2026-0095, CVE-2026-0096, CVE-2026-0098, CVE-2026-0099, CVE-2026-0100, CVE-2026-28572, CVE-2026-28574, CVE-2026-28577, CVE-2026-28578, CVE-2026-28580, CVE-2026-28581, CVE-2026-28583, CVE-2026-28585, CVE-2026-28586, CVE-2026-28594, CVE-2026-28596, CVE-2026-28599, CVE-2026-28600, CVE-2026-28602, CVE-2026-28603, CVE-2026-28607, CVE-2026-28609, CVE-2026-28612, CVE-2026-28617, CVE-2026-28619, CVE-2026-28620
  • Unclassified: CVE-2026-28618

For detailed information on security preview releases, see our post about it.