Nest Security Bulletin—August 2022

Published August 9, 2022

 

You can find past Nest Security Bulletins in the archive.

This Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest’s connected home devices. The vulnerabilities listed in this bulletin have been addressed. Devices start receiving Over-the-Air (OTA) updates the same month the bulletin is released.

Security Patches

Vulnerabilities are grouped under the device family group and component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, and severity.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.

Home/Cast

Firmware version 1.56.3.

Firmware is the software installed on your Google Nest or Home speaker or display. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

Kernel

CVE Type Severity
CVE-2019-14901 RCE Critical
CVE-2021-33909 EoP High
CVE-2019-11487 EoP High
CVE-2017-0403 EoP High
CVE-2017-0794 EoP High
CVE-2019-2214 EoP High
CVE-2020-29661 EoP High
CVE-2021-0512 EoP High

Cast

This section includes Chromium vulnerabilities in the cast component.

CVE Type Severity
CVE-2021-30571 EoP Critical
CVE-2021-21201 EoP Critical
CVE-2021-21223 EoP Critical
CVE-2022-0097 EoP Critical
CVE-2021-30518 RCE High
CVE-2021-30516 EoP High
CVE-2021-30515 RCE High
CVE-2021-30510 RCE High
CVE-2021-21225 RCE High
CVE-2021-30508 RCE High
CVE-2021-21203 RCE High
CVE-2021-21202 EoP High
CVE-2021-21205 EoP High
CVE-2021-30523 RCE High
CVE-2021-38006 RCE High
CVE-2022-0456 RCE High
CVE-2021-4057 EoP High
CVE-2021-30567 RCE High
CVE-2022-0298 RCE High
CVE-2022-0453 EoP High
CVE-2021-30590 RCE High
CVE-2021-38011 RCE High
CVE-2022-0293 RCE High
CVE-2021-38005 RCE High
CVE-2021-37984 RCE High
CVE-2022-0100 RCE High
CVE-2021-30541 RCE High
CVE-2021-30599 RCE High
CVE-2021-38003 RCE High
CVE-2021-38001 RCE High
CVE-2021-30551 RCE High
CVE-2021-30598 RCE High
CVE-2021-38007 RCE High
CVE-2021-37979 RCE High
CVE-2021-4079 RCE High
CVE-2020-6514 RCE Medium
CVE-2021-21222 EoP Medium
CVE-2021-38009 ID Medium
CVE-2021-21221 ID Medium

WLAN

CVE Type Severity
CVE-2020-11264 EoP Critical
CVE-2020-26146 ID Medium
CVE-2020-26145 EoP Medium
CVE-2020-26144 EoP Medium
CVE-2020-26140 EoP Medium
CVE-2020-26143 EoP Medium
CVE-2020-26139 DoS Medium
CVE-2020-26141 ID Medium

MISC

CVE Type Severity
CVE-2021-3517 ID High
CVE-2021-3518 RCE High
CVE-2021-45960 DoS High
CVE-2019-12749 EoP High

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

Firmware is the software installed on your Google Nest or Home speaker or display. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.

Find your device's firmware version

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

Abbreviation Definition
RCE Remote code execution
EoP Elevation of privilege
ID Information disclosure
DoS Denial of service
N/A Classification not available 

Get help

Get answers from experts on the Google Nest Community or contact us.
