Screenshot from the Dec 2020 Android security bulletin
Conversation
You’re unable to view this Tweet because this account owner limits who can view their Tweets. Learn more
There are almost as many security fixes for firmware as the OS on the monthly basis. There was an interesting issue fixed last month involving a GPU IOMMU bypass.
We still have a lot of trouble getting it across to users that firmware and hardware matters as much as the OS.
qualcomm.com/company/produc has more details.
Google stopped publishing the summaries of issues in the public security bulletins, which is unfortunate. They still have them in the internal ones provided to vendors in advance. They could at least add the summaries in the next month.
1
1
Qualcomm also shows if the issue was reported internally or externally and still has acknowledgements for researchers in the bulletins.
Can't read too much into the number because most are found internally, and most companies wouldn't assign a separate CVE for each if at all.
1