Nest Security Bulletin—December 2022

Published December 27, 2022

You can find past Nest Security Bulletins in the archive.

This Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest’s connected home devices. The vulnerabilities listed in this bulletin have been addressed. Devices start receiving (Over-the-Air) OTA updates the same month the bulletin is released.

Security Patches

Vulnerabilities are grouped under the device family group and component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, and severity.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.

Speakers and Displays

Firmware version 1.56.4.

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

List of Devices included in the update

Nest Hub (2nd gen)

Nest Audio

Nest Mini

Google Home Mini

Google Home

Kernel

CVE	Type	Severity
CVE-2019-19078	DoS	High
CVE-2022-20227	ID	High
CVE-2021-39800	ID	High
CVE-2021-39801	ID	High
CVE-2022-20141	EoP	High
CVE-2022-0847	EoP	High
CVE-2022-24958	EoP	High
CVE-2021-22570	DoS	Medium
CVE-2022-25258	DoS	Medium
CVE-2022-20136	ID	Medium

AMLogic

CVE	Type	Severity
CVE-2017-7564	DoS	High
CVE-2017-15031	ID	High

Cameras and Doorbells

Firmware version 1.65c.

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

List of Devices included in the update

Nest Doorbell (battery)

Nest Cam (outdoor or indoor, battery)

Nest Cam with floodlight

Nest Cam (indoor, wired)

Kernel

CVE	Type	Severity
CVE-2019-17666	RCE	Critical
CVE-2020-0404	EoP	High
CVE-2022-20421	EoP	High
CVE-2022-20422	EoP	High
CVE-2022-20423	EoP	High
CVE-2017-17558	EoP	High
CVE-2019-19532	EoP	High
CVE-2019-19524	EoP	High
CVE-2020-0009	EoP	High
CVE-2020-0423	EoP	High
CVE-2020-0444	EoP	High
CVE-2020-0465	EoP	High
CVE-2020-14381	EoP	High
CVE-2020-15436	EoP	High
CVE-2020-29368	EoP	High
CVE-2020-29660	EoP	High
CVE-2020-8647	EoP	High
CVE-2020-8648	EoP	High
CVE-2021-0512	EoP	High
CVE-2021-39634	EoP	High
CVE-2022-0847	EoP	High
CVE-2022-20141	EoP	High
CVE-2022-24958	EoP	High
CVE-2022-25258	EoP	High
CVE-2020-10768	ID	High
CVE-2020-25705	ID	High
CVE-2021-3655	ID	High
CVE-2022-20136	ID	High
CVE-2022-20227	ID	High
CVE-2017-0794	EoP	Medium

WLAN

CVE	Type	Severity
CVE-2020-11264	EoP	Critical
CVE-2020-24586	EoP	High
CVE-2020-24588	EoP	High
CVE-2020-26139	DoS	High
CVE-2020-26141	ID	High
CVE-2020-26144	EoP	High
CVE-2020-26145	EoP	High
CVE-2020-26146	ID	High
CVE-2020-26147	EoP	High
CVE-2020-26140	EoP	Moderate
CVE-2020-24587	ID	Low
CVE-2019-15126	ID	Low

AMLogic

CVE	Type	Severity
CVE-2017-15031	ID	High

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

Find your device's firmware version

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

Abbreviation	Definition
RCE	Remote code execution
EoP	Elevation of privilege
ID	Information disclosure
DoS	Denial of service
N/A	Classification not available

Get help

Get answers from experts on the Google Nest Community or contact us.