Billy Lau

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the NVIDIA Libnvparser component. This vulnerability could lead to memory corruption and possible remote code execution due to a memcpy into a fixed-sized buffer with a user-controlled size. The vulnerability is associated with insufficient access control and can be exploited by a remote attacker to cause memory damage or execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** The issue is related to a kernel fault that can occur when performing certain operations on a read-only virtual address in userspace. This is due to incorrect handling of data when working with virtual memory in userspace that is only accessible for reading. Exploitation of this issue may allow a remote attacker to cause a kernel crash or execute arbitrary code using a specially crafted application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in the NVIDIA GPU driver, which could allow a local malicious application to execute arbitrary code within the context of the kernel. This may lead to a local permanent device compromise. The vulnerability is also related to insufficient access control to certain functions, potentially allowing a remote attacker to launch an application with the privileges of the current user. **Recommendations** For Android versions prior to Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GPU driver versions prior to the fixed version **Description** The issue is related to insufficient access control in the NVIDIA GPU driver for the Android operating system, allowing a remote attacker to launch an application with the privileges of the current user. A local malicious application can execute arbitrary code within the context of the kernel, potentially leading to a local permanent device compromise. This may require reflashing the operating system to repair the device. **Recommendations** For versions prior to the fixed version, consider restricting access to the kernel to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.