Google's December Nexus/Pixel security release contained 48 issues, but with only one vulnerability being rated critical and five high, but three could result in a denial of service (DoS) situation if exploited.
Google separates its vulnerabilities by the phone component that they affect. Four of the five “high” rated vulnerabilities (CVE-2017-13154, CVE-2017-0879, CVE-2017-13149 and CVE-2017-13150) impact the media framework component and the latter three of these could result in a DoS or information disclosure, situation if exploited. The fifth “high” rated vulnerability (CVE-2017-13167) impacts kernel components and if exploited could result in an unauthorized person obtaining an elevation of privilege.
The lone critical-rated vulnerability (CVE-2017-14907) is found in Qualcomm closed-source components. Google did not state the type of issue that would arise if the flaw were left unpatched.
The remaining items patched were all had a severity rating of moderate.
All supported Google devices will receive an update to the Dec. 5 patch which the device owner must accept for the device to be properly protected, the company said.