Chiachih_Wu

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 **Description** An information disclosure issue in the Audioserver component could allow a local malicious application to access data outside of its permission levels, potentially leading to unauthorized access to sensitive data. This issue is related to the lack of protection for internal data, which could be exploited by an attacker to cause a denial of service or other system impact. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** The issue is related to insufficient access control in the Qualcomm sound driver of the Android operating system. It allows a remote attacker to execute arbitrary code within the context of the kernel, but first requires compromising a privileged process. This problem is considered high-risk. **Recommendations** For Android versions Kernel-3.10 through Kernel-3.18, update to a version that includes the fix for this issue, as referenced by Android ID: A-31252384. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10, Kernel-3.18 **Description** The issue is related to insufficient access control in Qualcomm media codecs for the Android operating system. It allows a remote attacker to execute arbitrary code. This problem can be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. **Recommendations** For Android versions Kernel-3.10, Kernel-3.18, update to a version that includes the fix for this issue, as referenced by Android ID: A-29982686. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10, Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in Qualcomm media codecs, which could allow a local malicious application to execute arbitrary code within the context of a privileged process. This could be used to gain local access to elevated capabilities. The vulnerability is also described as being related to insufficient access control in Qualcomm media codecs, potentially allowing a remote attacker to execute arbitrary code. **Recommendations** For Android versions Kernel-3.10, Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.18 **Description** An elevation of privilege issue in the NVIDIA GPU driver could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. The vulnerability is related to insufficient access control in the NVIDIA GPU driver. **Recommendations** For Android version Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 **Description** An information disclosure issue in the Audioserver component of the Android operating system, specifically in the libeffects subcomponent, could allow a local malicious application to access data outside of its permission levels. This could be used to access sensitive data without permission. The issue is related to a lack of protection for internal data. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2 through 7.1 **Description** An information disclosure issue in the Qualcomm audio post processor's libeffects component could allow a local malicious application to access data outside of its permission levels. This could be used to access sensitive data without permission. The issue is related to the lack of protection for internal data. **Recommendations** For Android versions 5.0.2 through 7.1, update to a version that includes the fix for this issue, as indicated by Android ID A-32588016.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 **Description** An information disclosure issue in the Audioserver component of the Android operating system could allow a local malicious application to access data outside of its permission levels. This could be used to access sensitive data without permission. The issue is related to the lack of protection of internal data in the libeffects subcomponent. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in the kernel performance subsystem. It could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. **Recommendations** For versions Kernel-3.10 through Kernel-3.18, consider restricting access to the kernel performance subsystem as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in the kernel sound subsystem, which could allow a local malicious application to execute arbitrary code within the context of the kernel. This is rated as High because it first requires compromising a privileged process. The vulnerability is also associated with insufficient access control in the sound management subsystem, potentially allowing a remote attacker to execute arbitrary code. **Recommendations** For Android versions Kernel-3.10 through Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.18 **Description** An elevation of privilege issue in the NVIDIA libomx library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. **Recommendations** For Android version Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in the NVIDIA libomx library, which is due to inadequate access control. This vulnerability can be exploited by a remote attacker to execute arbitrary code within the context of a privileged process, allowing access to elevated capabilities that are not normally accessible to third-party applications. The issue is rated as high. **Recommendations** For Android versions Kernel-3.18, update to a version that includes the fix for this issue, as referenced by Android ID: A-31251628.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An elevation of privilege issue in the NVIDIA GPU driver could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue may lead to a local permanent device compromise, requiring reflashing the operating system to repair the device. **Recommendations** For versions prior to 2016-11-05, update the Android operating system to a version released on or after 2016-11-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An elevation of privilege issue in the NVIDIA GPU driver could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue may lead to a local permanent device compromise, requiring reflashing the operating system to repair the device. **Recommendations** For Android versions prior to 2016-11-05, update the operating system to a version released on or after 2016-11-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An elevation of privilege issue in the NVIDIA GPU driver could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue may lead to a local permanent device compromise, requiring reflashing the operating system to repair the device. **Recommendations** For Android versions prior to 2016-11-05, update the operating system to a version released on or after 2016-11-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An issue in the NVIDIA GPU driver could allow a local malicious application to execute arbitrary code within the context of the kernel, potentially leading to a local permanent device compromise. This compromise may require reflashing the operating system to repair the device. **Recommendations** For versions prior to 2016-11-05, update the Android operating system to a version released on or after 2016-11-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-09-01 Android versions 7.0 before 2016-09-01 **Description** A buffer overflow issue exists in the libstagefright component of the mediaserver, specifically in the SoftVPX.cpp file. This issue allows attackers to potentially gain privileges by using a crafted application. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-09-01, apply the September 2016 security patch or later. For Android versions 7.0 before 2016-09-01, apply the September 2016 security patch or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-09-01 Android versions 7.0 before 2016-09-01 **Description** The issue allows attackers to gain privileges via a crafted application due to the failure to prevent input-port changes in the `omx/SimpleSoftOMXComponent.cpp` file in `libstagefright` in `mediaserver`. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-09-01, apply the September 2016 security patch or later. For Android versions 7.0 before 2016-09-01, apply the September 2016 security patch or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-09-01 Android versions 7.0 before 2016-09-01 **Description** The issue is related to multiple buffer overflows in the `SoftMP3.cpp` file within the `libstagefright` component of the `mediaserver` in Android. This allows attackers to gain privileges via a crafted application. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-09-01, apply the September 2016 security patch or later. For Android versions 7.0 before 2016-09-01, apply the September 2016 security patch or later.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-08-05 **Description** The issue is related to the Serial Peripheral Interface driver in Android, which has inadequate access control. This allows attackers to gain privileges via a crafted application. **Recommendations** For Android versions prior to 2016-08-05, update the operating system to a version released after 2016-08-05 to resolve the issue.