Chengming Yang

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to an elevation of privilege vulnerability in the Qualcomm QCE driver. It affects the Android product. **Recommendations** For Android kernel, apply the fix referenced by Android ID: A-36591162 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** The issue is related to an incorrect bounds check in an ISP Camera kernel driver function, which may potentially lead to an out-of-bounds write. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to insufficient access control in the MediaTek teei component of the Android operating system. It allows a remote attacker to elevate their privileges. **Recommendations** For Android kernel, apply the fix referenced by Android ID: A-37683975 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to an elevation of privilege vulnerability in the MediaTek auxadc driver, which is associated with inadequate access control. This could allow a remote attacker to elevate their privileges. **Recommendations** For Android kernel, consider restricting access to the MediaTek auxadc driver until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to a lack of access control in the MediaTek kernel of the Android operating system, which can be exploited by a remote attacker to elevate their privileges. **Recommendations** For Android kernel, consider applying security patches or updates to fix the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** A elevation of privilege issue exists in the MediaTek gpu driver. **Recommendations** For Android kernel, apply the fix referenced by Android ID: A-32458601 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to a elevation of privilege vulnerability in the MediaTek networking driver, which is associated with inadequate access control. This could allow a remote attacker to elevate their privileges. **Recommendations** For Android kernel, apply the necessary patches or updates to fix the elevation of privilege vulnerability in the MediaTek networking driver. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the MediaTek power driver, which could allow a local malicious application to execute arbitrary code within the context of the kernel. This problem is rated as High because it first requires compromising a privileged process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the MediaTek thermal driver, which could allow a local malicious application to execute arbitrary code within the context of the kernel. This is rated as High because it first requires compromising a privileged process. The vulnerability is associated with inadequate access control in the MediaTek thermal driver, potentially allowing an attacker to execute arbitrary code in the kernel context using a special application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to the fixed version **Description** The issue is related to an elevation of privilege vulnerability in the NVIDIA crypto driver, which could allow a local malicious application to execute arbitrary code within the context of the kernel. This is rated as High because it first requires compromising a privileged process. The vulnerability is also associated with insufficient access control in the NVIDIA crypto driver, potentially allowing a remote attacker to execute arbitrary code. **Recommendations** For Android versions prior to the fixed version, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver. This could enable a local malicious application to execute arbitrary code within the context of the kernel, potentially leading to a local permanent device compromise. The vulnerability is rated as Critical and may require reflashing the operating system to repair the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-08-05 **Description** The issue concerns a flaw in the video driver within the kernel of the Android operating system. This flaw can be exploited by attackers to gain privileges, potentially through a crafted application. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For Android versions prior to 2016-08-05, update the operating system to a version released after 2016-08-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-07-05 **Description** The issue is related to the MediaTek GPS driver in Android, which has inadequate access control. This allows attackers to gain privileges via a crafted application. **Recommendations** For Android versions prior to 2016-07-05, update to a version released after 2016-07-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Huawei P8 smartphones versions GRA-TL00 before GRA-TL00C01B230 Huawei P8 smartphones versions GRA-CL00 before GRA-CL00C92B230 Huawei P8 smartphones versions GRA-CL10 before GRA-CL10C92B230 Huawei P8 smartphones versions GRA-UL00 before GRA-UL00C00B230 Huawei P8 smartphones versions GRA-UL10 before GRA-UL10C00B230 Huawei Mate S smartphones versions CRR-TL00 before CRR-TL00C01B160SP01 Huawei Mate S smartphones versions CRR-UL00 before CRR-UL00C00B160 Huawei Mate S smartphones versions CRR-CL00 before CRR-CL00C92B161 **Description** The issue allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the `graphics` permission. This is related to an "interface access control" issue. **Recommendations** For Huawei P8 smartphones versions GRA-TL00 before GRA-TL00C01B230, update to a version after GRA-TL00C01B230. For Huawei P8 smartphones versions GRA-CL00 before GRA-CL00C92B230, update to a version after GRA-CL00C92B230. For Huawei P8 smartphones versions GRA-CL10 before GRA-CL10C92B230, update to a version after GRA-CL10C92B230. For Huawei P8 smartphones versions GRA-UL00 before GRA-UL00C00B230, update to a version after GRA-UL00C00B230. For Huawei P8 smartphones versions GRA-UL10 before GRA-UL10C00B230, update to a version after GRA-UL10C00B230. For Huawei Mate S smartphones versions CRR-TL00 before CRR-TL00C01B160SP01, update to a version after CRR-TL00C01B160SP01. For Huawei Mate S smartphones versions CRR-UL00 before CRR-UL00C00B160, update to a version after CRR-UL00C00B160. For Huawei Mate S smartphones versions CRR-CL00 before CRR-CL00C92B161, update to a version after CRR-CL00C92B161.

**Name of the Vulnerable Software and Affected Versions** Huawei P8 smartphones versions GRA-TL00 before GRA-TL00C01B230 Huawei P8 smartphones versions GRA-CL00 before GRA-CL00C92B230 Huawei P8 smartphones versions GRA-CL10 before GRA-CL10C92B230 Huawei P8 smartphones versions GRA-UL00 before GRA-UL00C00B230 Huawei P8 smartphones versions GRA-UL10 before GRA-UL10C00B230 Huawei Mate S smartphones versions CRR-TL00 before CRR-TL00C01B160SP01 Huawei Mate S smartphones versions CRR-UL00 before CRR-UL00C00B160 Huawei Mate S smartphones versions CRR-CL00 before CRR-CL00C92B161 **Description** The issue allows attackers to cause a denial of service or gain privileges via a crafted application with the graphics permission. This is related to an interface access control issue. **Recommendations** For Huawei P8 smartphones versions GRA-TL00 before GRA-TL00C01B230, update to version GRA-TL00C01B230 or later. For Huawei P8 smartphones versions GRA-CL00 before GRA-CL00C92B230, update to version GRA-CL00C92B230 or later. For Huawei P8 smartphones versions GRA-CL10 before GRA-CL10C92B230, update to version GRA-CL10C92B230 or later. For Huawei P8 smartphones versions GRA-UL00 before GRA-UL00C00B230, update to version GRA-UL00C00B230 or later. For Huawei P8 smartphones versions GRA-UL10 before GRA-UL10C00B230, update to version GRA-UL10C00B230 or later. For Huawei Mate S smartphones versions CRR-TL00 before CRR-TL00C01B160SP01, update to version CRR-TL00C01B160SP01 or later. For Huawei Mate S smartphones versions CRR-UL00 before CRR-UL00C00B160, update to version CRR-UL00C00B160 or later. For Huawei Mate S smartphones versions CRR-CL00 before CRR-CL00C92B161, update to version CRR-CL00C92B161 or later.