GrapheneOS version 2026030100 released

Tags:

• 2026030100 (Pixel 6, Pixel 6 Pro, Pixel 6a, Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel Tablet, Pixel Fold, Pixel 8, Pixel 8 Pro, Pixel 8a, Pixel 9, Pixel 9 Pro, Pixel 9 Pro XL, Pixel 9 Pro Fold, Pixel 9a, Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold, emulator, generic, other targets)

Changes since the 2026020600 release:

• SystemUI: migrate to the modern lockscreen infrastructure (smartspace) for showing lockscreen device status info to avoid many upstream bugs caused by AOSP still using the legacy lockscreen infrastructure no longer used on the stock Pixel OS (this allows us to revert a bunch of downstream fixes we were using)
• Settings: don't allow disabling eSIM when eSIM management support is disabled since it can persistently prevent using the eSIMs without using ADB shell to undo it
• modify our multicast firewall to stop dropping route advertisements received on the VPN interface which sometimes breaks IPv6 connectivity
• fix rare edge preventing dismissing the UI for our 2-factor fingerprint unlock feature
• Setup Wizard: add opt-in toggles for network-based location and always available Wi-Fi scanning to the Location services page
• kernel (Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold): raise lockdown mode from integrity to confidentiality mode to match the other devices
• kernel (Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, Pixel 10 Pro Fold): add workaround for an upstream arm64 KVM bug breaking booting with lockdown in confidentiality mode
• kernel (6.1): update to latest GKI LTS branch revision including update to 6.1.163
• kernel (6.6): update to latest GKI LTS branch revision including update to 6.6.126
• kernel (6.12): update to latest GKI LTS branch revision including update to 6.12.73
• hardened_malloc: update libdivide to 5.3.0
• hardened_malloc: fix handling one form of realloc from small allocations made with alignment above PAGE_SIZE (no known real world examples and it would be crashing if it was happening since it causes internal invalid accesses unable to go outside the bounds of the protected metadata region which is mainly PROT_NONE)
• Vanadium: update to version 145.0.7632.75.0
• Vanadium: update to version 145.0.7632.109.0
• Vanadium: update to version 145.0.7632.120.0
• Vanadium: update to version 146.0.7680.31.0
• adevtool: handle Node.js fs.cp behavior change
• adevtool: update dependencies

All of the Android 16 security patches from the current March 2026, April 2026, May 2026, June 2026, July 2026 and August 2026 Android Security Bulletins are included in the 2026030101 security preview release. List of additional fixed CVEs:

• Critical: CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, CVE-2026-0042, CVE-2026-0043, CVE-2026-0044, CVE-2026-0047, CVE-2026-0049, CVE-2026-0052
• High: CVE-2025-22424, CVE-2025-22426, CVE-2025-32348, CVE-2025-48600, CVE-2025-48612, CVE-2025-48615, CVE-2025-48617, CVE-2025-48630, CVE-2025-48641, CVE-2025-48642, CVE-2025-48644, CVE-2025-48645, CVE-2025-48646, CVE-2025-48649, CVE-2025-48652, CVE-2025-48653, CVE-2025-48654, CVE-2025-64783, CVE-2025-64784, CVE-2025-64893, CVE-2026-0011, CVE-2026-0014, CVE-2026-0015, CVE-2026-0016, CVE-2026-0017, CVE-2026-0018, CVE-2026-0020, CVE-2026-0021, CVE-2026-0022, CVE-2026-0023, CVE-2026-0024, CVE-2026-0025, CVE-2026-0034, CVE-2026-0035, CVE-2026-0036, CVE-2026-0048, CVE-2026-0050, CVE-2026-0053, CVE-2026-0054, CVE-2026-0055, CVE-2026-0056, CVE-2026-0059, CVE-2026-0060, CVE-2026-0061, CVE-2026-0062, CVE-2026-0063, CVE-2026-0065, CVE-2026-0067

For detailed information on security preview releases, see our post about it.