Dongdong She

**Nome do software vulnerável e versões afetadas** IJG JPEG (também conhecido como libjpeg) versões anteriores à 9d **Descrição** O problema está relacionado à função `jpeg mem available()` no arquivo `jmemnobs.c` do diretório `djpeg`, que não respeita a configuração `max memory to use`, podendo causar consumo excessivo de memória. Isso poderia permitir que um invasor remoto divulgasse informações protegidas ou causasse uma negação de serviço. **Recomendações** Para versões anteriores à 9d, atualize para a versão 9d ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o uso da função `jpeg mem available()` em `djpeg` para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils versions through 2.31 **Description** An issue in the Binary File Descriptor (BFD) library, specifically in the elf.c component, is related to the IS CONTAINED BY LMA macro. This issue causes an integer overflow and an infinite loop. The exploitation of this issue can lead to a denial of service by a remote attacker. **Recommendations** For GNU Binutils versions through 2.31, consider updating to a version that addresses the integer overflow and infinite loop issue caused by the IS CONTAINED BY LMA macro in elf.c. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions Huawei Mate8 phones with software NXT-CL10C00B561 and earlier versions Huawei Mate8 phones with software NXT-DL10C00B561 and earlier versions Huawei Mate8 phones with software NXT-TL10C00B561 and earlier versions **Description** The issue in the ION memory management module allows attackers to cause a denial of service, which can result in the device restarting. **Recommendations** For Huawei Mate8 phones with software NXT-AL10C00B561 and earlier versions, update to a version later than NXT-AL10C00B561. For Huawei Mate8 phones with software NXT-CL10C00B561 and earlier versions, update to a version later than NXT-CL10C00B561. For Huawei Mate8 phones with software NXT-DL10C00B561 and earlier versions, update to a version later than NXT-DL10C00B561. For Huawei Mate8 phones with software NXT-TL10C00B561 and earlier versions, update to a version later than NXT-TL10C00B561.

**Name of the Vulnerable Software and Affected Versions** Huawei P9 phones with software EVA-AL10C00B192 and earlier versions Huawei P9 phones with software EVA-DL10C00B192 and earlier versions Huawei P9 phones with software EVA-TL10C00B192 and earlier versions Huawei P9 phones with software EVA-CL10C00B192 and earlier versions **Description** The issue in the ION memory management module allows attackers to obtain sensitive information from uninitialized memory. **Recommendations** For Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, update to a version later than EVA-AL10C00B192. For Huawei P9 phones with software EVA-DL10C00B192 and earlier versions, update to a version later than EVA-DL10C00B192. For Huawei P9 phones with software EVA-TL10C00B192 and earlier versions, update to a version later than EVA-TL10C00B192. For Huawei P9 phones with software EVA-CL10C00B192 and earlier versions, update to a version later than EVA-CL10C00B192.

**Name of the Vulnerable Software and Affected Versions** Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions Huawei Mate 8 phones with software NXT-DL10C00B197 and earlier versions Huawei Mate 8 phones with software NXT-TL10C00B197 and earlier versions Huawei Mate 8 phones with software NXT-CL10C00B197 and earlier versions **Description** The issue affects the ION memory management module, allowing attackers to cause a denial of service, which results in the device restarting. **Recommendations** For Huawei Mate 8 phones with software NXT-AL10C00B197 and earlier versions, update to a version later than NXT-AL10C00B197. For Huawei Mate 8 phones with software NXT-DL10C00B197 and earlier versions, update to a version later than NXT-DL10C00B197. For Huawei Mate 8 phones with software NXT-TL10C00B197 and earlier versions, update to a version later than NXT-TL10C00B197. For Huawei Mate 8 phones with software NXT-CL10C00B197 and earlier versions, update to a version later than NXT-CL10C00B197.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-10-05 **Description** The issue is related to multiple use-after-free vulnerabilities in the Qualcomm sound driver. These vulnerabilities allow attackers to gain privileges via a crafted application. The estimated number of potentially affected devices is not specified. **Recommendations** For Android versions prior to 2016-10-05, update to a version released after 2016-10-05 to resolve the issue. As a temporary workaround, consider restricting access to the sound driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.0.3 **Description** The issue allows local users to obtain sensitive information from kernel memory. This is due to the failure to initialize certain data structures in the arch/arm64/mm/dma-mapping.c file, which can be exploited by triggering a dma mmap call. **Recommendations** For Linux kernel versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue.