Jianqiang Zhao

**Nome do software vulnerável e versões afetadas** Versões do Qualcomm Snapdragon (versões afetadas não especificadas) **Descrição** Existe um problema de estouro de buffer no aplicativo de vídeo do Qualcomm Snapdragon devido ao tamanho do buffer de destino ser menor que o tamanho do buffer de origem. Esse problema afeta vários produtos Snapdragon, incluindo Compute, Consumer IoT, Industrial IoT, Mobile, Voice & Music e Wearables, em vários chipsets, como Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250 e SXR2130. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas: Versões do Qualcomm Snapdragon (versões afetadas não especificadas) Descrição: O problema está relacionado ao fato de a gravação em registros via debugfs estar desativada por padrão, a fim de impedir gravações não autorizadas. Isso afeta vários produtos Qualcomm Snapdragon, incluindo Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IoT, Snapdragon Industrial IoT, Snapdragon Mobile e Snapdragon Voice & Music, em chipsets específicos como MDM9206, MDM9207C, MDM9607, Nicobar, QCS405, SA6155P, SC8180X, SDX55 e SM8150. Recomendações: No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** A kernel overwrite can potentially occur in a camera driver ioctl in Qualcomm products with Android releases from CAF using the Linux kernel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is related to a missing bounds check in a camera driver function in Android, potentially leading to an out-of-bounds heap write. This could allow a remote attacker to access memory outside the application's boundaries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** The issue is related to the camera application, which can request frame/command buffer processing with invalid values. This leads to a heap buffer over-read by the driver. The exploitation of this issue may allow a remote attacker to cause a re-read of the dynamic memory buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in the Qualcomm camera driver, which could allow a local malicious application to execute arbitrary code within the context of the kernel. This problem is rated as High because it first requires compromising a privileged process. **Recommendations** For Android versions Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to the fixed version **Description** An information disclosure issue in the Qualcomm video driver could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged process. **Recommendations** For Android versions prior to the fixed version, update to a version that includes the fix for this issue to prevent local malicious applications from accessing data outside of their permission levels.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to the version that includes the fix for this issue **Description** An information disclosure issue in the Qualcomm video driver could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged process and is rated as Moderate. **Recommendations** For Android versions prior to the version that includes the fix for this issue, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2 through 7.1.1 **Description** A remote code execution issue in the Framesequence library could allow an attacker to execute arbitrary code in the context of an unprivileged process using a specially crafted file. This issue is considered High due to the possibility of remote code execution in an application that uses the Framesequence library. **Recommendations** For Android versions 5.0.2 through 7.1.1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An information disclosure issue in Qualcomm components, including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver, could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged process. **Recommendations** For Android versions prior to 2016-11-05, update to a version released after 2016-11-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An elevation of privilege issue in the Qualcomm bus driver could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. **Recommendations** For Android versions prior to 2016-11-05, update to a version released on or after 2016-11-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 Adobe Acrobat Document Cloud (affected versions not specified) **Description** The issue involves an information disclosure vulnerability in Qualcomm components in Android and a buffer overflow vulnerability in Adobe Acrobat Document Cloud. The Android vulnerability could allow a local malicious application to access data outside of its permission levels, but it first requires compromising a privileged process. The Adobe Acrobat Document Cloud vulnerability is caused by a buffer overflow in memory and could allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). **Recommendations** For Android versions prior to 2016-11-05: Update to a version released after 2016-11-05 to resolve the issue. For Adobe Acrobat Document Cloud: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-10-05 on Nexus 9 devices **Description** The issue allows attackers to obtain sensitive information via a crafted application. **Recommendations** For Android versions prior to 2016-10-05 on Nexus 9 devices, update to a version released after 2016-10-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-10-05 **Description** The issue is related to the Qualcomm QDSP6v2 driver in Android, where certain data structures are not properly initialized in the audio utils.c file. This allows attackers to obtain sensitive information by using a crafted application. **Recommendations** For Android versions prior to 2016-10-05, update to a version released on or after 2016-10-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-10-05 **Description** The issue is related to the Qualcomm QDSP6v2 driver in Android, where certain data structures are not properly initialized in the audio utils.c file. This allows attackers to obtain sensitive information by using a crafted application. **Recommendations** For Android versions prior to 2016-10-05, update the operating system to a version released after 2016-10-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-09-05 on Nexus 5X and 6P devices **Description** A buffer overflow issue exists in the Qualcomm subsystem driver, specifically in the drivers/soc/qcom/subsystem restart.c file. This issue can be exploited by attackers to gain privileges via a crafted application that provides a long string. **Recommendations** For Android versions prior to 2016-09-05 on Nexus 5X and 6P devices, update to a version released after 2016-09-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-07-05 on Nexus 9 devices **Description** The issue is related to the NVIDIA camera driver in Android, which lacks protection of internal data. This allows attackers to obtain sensitive information via a crafted application. **Recommendations** For Android versions prior to 2016-07-05 on Nexus 9 devices, update the system to a version released after 2016-07-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NVIDIA camera driver versions prior to 2016-06-01 **Description** The issue is related to insufficient access control in the NVIDIA camera driver for the Android operating system. It allows a remote attacker to elevate their privileges using a specially crafted application. **Recommendations** For versions prior to 2016-06-01, update the NVIDIA camera driver to a version released after 2016-06-01 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-05-01 **Description** The issue is related to insufficient access control in the Qualcomm buspm driver of the Android operating system. It allows a remote attacker to elevate their privileges using a specially crafted application. **Recommendations** For Android versions prior to 2016-05-01, update the operating system to a version released after 2016-05-01 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-05-01 on Nexus 9 devices **Description** The issue is related to the NVIDIA media driver in Android, which has inadequate access control. This allows an attacker to gain privileges via a crafted application. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For Android versions prior to 2016-05-01 on Nexus 9 devices, update the system to a version released after 2016-05-01 to resolve the issue. As a temporary workaround, consider restricting the use of the NVIDIA media driver until a patch is available.