Nest Security Bulletin—December 2022

Published December 27, 2022

You can find past Nest Security Bulletins in the archive.

This Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest’s connected home devices. The vulnerabilities listed in this bulletin have been addressed. Devices start receiving (Over-the-Air) OTA updates the same month the bulletin is released.

Security Patches

Vulnerabilities are grouped under the device family group and component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, and severity.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.

Speakers and Displays

Firmware version 1.56.4.

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

List of Devices included in the update

Nest Hub (2nd gen)                                

Nest Audio

Nest Mini

Google Home Mini

Google Home

Kernel

CVE

Type

Severity

CVE-2019-19078

DoS

High

CVE-2022-20227

ID

High

CVE-2021-39800

ID

High

CVE-2021-39801

ID

High

CVE-2022-20141

EoP

High

CVE-2022-0847

EoP

High

CVE-2022-24958

EoP

High

CVE-2021-22570

DoS

Medium

CVE-2022-25258

DoS

Medium

CVE-2022-20136

ID

Medium

AMLogic

CVE

Type

Severity

CVE-2017-7564

DoS

High

CVE-2017-15031

ID

High

 

Cameras and Doorbells

Firmware version 1.65c.

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

List of Devices included in the update

Kernel

CVE

Type

Severity

CVE-2019-17666

RCE

Critical

CVE-2020-0404

EoP

High

CVE-2022-20421

EoP

High

CVE-2022-20422

EoP

High

CVE-2022-20423

EoP

High

CVE-2017-17558

EoP

High

CVE-2019-19532

EoP

High

CVE-2019-19524

EoP

High

CVE-2020-0009

EoP

High

CVE-2020-0423

EoP

High

CVE-2020-0444

EoP

High

CVE-2020-0465

EoP

High

CVE-2020-14381

EoP

High

CVE-2020-15436

EoP

High

CVE-2020-29368

EoP

High

CVE-2020-29660

EoP

High

CVE-2020-8647

EoP

High

CVE-2020-8648

EoP

High

CVE-2021-0512

EoP

High

CVE-2021-39634

EoP

High

CVE-2022-0847

EoP

High

CVE-2022-20141

EoP

High

CVE-2022-24958

EoP

High

CVE-2022-25258

EoP

High

CVE-2020-10768

ID

High

CVE-2020-25705

ID

High

CVE-2021-3655

ID

High

CVE-2022-20136

ID

High

CVE-2022-20227

ID

High

CVE-2017-0794

EoP

Medium

WLAN

CVE

Type

Severity

CVE-2020-11264

EoP

Critical

CVE-2020-24586

EoP

High

CVE-2020-24588

EoP

High

CVE-2020-26139

DoS

High

CVE-2020-26141

ID

High

CVE-2020-26144

EoP

High

CVE-2020-26145

EoP

High

CVE-2020-26146

ID

High

CVE-2020-26147

EoP

High

CVE-2020-26140

EoP

Moderate

CVE-2020-24587

ID

Low

CVE-2019-15126

ID

Low

AMLogic

CVE

Type

Severity

CVE-2017-15031

ID

High

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

Firmware is the software installed on your Google Nest device. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

Find your device's firmware version

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available 

Get help

Get answers from experts on the Google Nest Community or contact us.

Search
Clear search
Close search
Google apps
Main menu
16536549417219675944
true
Search Help Center
true
true
true
false
false