GrapheneOS version 2025102200 released
Tags:
- 2025102200 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, emulator, generic, other targets)
Changes since the 2025100900 release:
- adevtool: add satellite eSIM overlays to avoid the special Skylo eSIM on 9th/10th gen Pixels being listed as a regular eSIM and being possible to erase with the regular eSIM erase functionality
- kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.111
- kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.52
- System Updater: prevent reboot and security preview notifications from timing out after 3 days which is standard behavior since Android 15 QPR1
- System Updater: mark notification permission as fixed to prevent disabling overall notifications, but enable blocking progress, failure and already up to date notification channels
- Sandboxed Google Play compatibility layer: add support for overriding BinderProxy transactions
- Sandboxed Google Play compatibility layer: add support for out-of-band updates to GmsCompatLib
- Vanadium: update to version 141.0.7390.111.0
- Vanadium: update to version 141.0.7390.122.0
- raise emulator super / dynamic partition size due to reaching the limit in some cases
- adevtool: prefer prebuilt AOSP JDK 21
All of the Android 16 security patches from the current November 2025, December 2025 and January 2026 Android Security Bulletins are included in the 2025102201 security preview release. List of additional fixed CVEs:
- Critical: CVE-2025-48593, CVE-2025-48631
- High: CVE-2022-25836, CVE-2022-25837, CVE-2023-40130, CVE-2024-43766, CVE-2025-22420, CVE-2025-22432, CVE-2025-32319, CVE-2025-32348, CVE-2025-48525, CVE-2025-48536, CVE-2025-48555, CVE-2025-48564, CVE-2025-48565, CVE-2025-48566, CVE-2025-48567, CVE-2025-48572, CVE-2025-48573, CVE-2025-48574, CVE-2025-48575, CVE-2025-48576, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48580, CVE-2025-48582, CVE-2025-48583, CVE-2025-48584, CVE-2025-48585, CVE-2025-48586, CVE-2025-48587, CVE-2025-48589, CVE-2025-48590, CVE-2025-48592, CVE-2025-48594, CVE-2025-48596, CVE-2025-48597, CVE-2025-48598, CVE-2025-48600, CVE-2025-48601, CVE-2025-48602, CVE-2025-48603, CVE-2025-48604, CVE-2025-48605, CVE-2025-48609, CVE-2025-48612, CVE-2025-48614, CVE-2025-48615, CVE-2025-48616, CVE-2025-48617, CVE-2025-48618, CVE-2025-48619, CVE-2025-48620, CVE-2025-48621, CVE-2025-48622, CVE-2025-48626, CVE-2025-48628, CVE-2025-48629, CVE-2025-48630, CVE-2025-48632, CVE-2025-48633, CVE-2025-48634
2025100901 provides at least the full 2025-11-01 patch level and the Android 2025-11-05 patch level (Pixel Update Bulletin could have fixes we don't get early) but will remain marked as providing 2025-10-05.
For detailed information on security preview releases, see our post about it.
GrapheneOS security preview releases - GrapheneOS Discussion Forum
GrapheneOS discussion forumGrapheneOS Discussion Forum
warmaster
in reply to KindnessInfinity • • •Today I received the invitation to update. It explained the embargo fiasco pretty clearly, and it's well designed in order to influence the user to accept it. But still opt in.
Easy, short and to the point. Great work all around.