Jianqiangzhao

**Nome do software vulnerável e versões afetadas: Versões do Qualcomm Snapdragon (versões afetadas não especificadas) Descrição: O problema está relacionado ao fato de a gravação em registros via debugfs estar desativada por padrão, a fim de impedir gravações não autorizadas. Isso afeta vários produtos Qualcomm Snapdragon, incluindo Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IoT, Snapdragon Industrial IoT, Snapdragon Mobile e Snapdragon Voice & Music, em chipsets específicos como MDM9206, MDM9207C, MDM9607, Nicobar, QCS405, SA6155P, SC8180X, SDX55 e SM8150. Recomendações: No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** A kernel overwrite can potentially occur in a camera driver ioctl in Qualcomm products with Android releases from CAF using the Linux kernel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** The issue is related to the camera application, which can request frame/command buffer processing with invalid values. This leads to a heap buffer over-read by the driver. The exploitation of this issue may allow a remote attacker to cause a re-read of the dynamic memory buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in the Qualcomm camera driver, which could allow a local malicious application to execute arbitrary code within the context of the kernel. This problem is rated as High because it first requires compromising a privileged process. **Recommendations** For Android versions Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to the version that includes the fix for this issue **Description** An information disclosure issue in the Qualcomm video driver could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged process and is rated as Moderate. **Recommendations** For Android versions prior to the version that includes the fix for this issue, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to the fixed version **Description** An information disclosure issue in the Qualcomm video driver could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged process. **Recommendations** For Android versions prior to the fixed version, update to a version that includes the fix for this issue to prevent local malicious applications from accessing data outside of their permission levels.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2 through 7.1.1 **Description** A remote code execution issue in the Framesequence library could allow an attacker to execute arbitrary code in the context of an unprivileged process using a specially crafted file. This issue is considered High due to the possibility of remote code execution in an application that uses the Framesequence library. **Recommendations** For Android versions 5.0.2 through 7.1.1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-10-05 **Description** The issue is related to the Qualcomm QDSP6v2 driver in Android, where certain data structures are not properly initialized in the audio utils.c file. This allows attackers to obtain sensitive information by using a crafted application. **Recommendations** For Android versions prior to 2016-10-05, update to a version released on or after 2016-10-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-10-05 **Description** The issue is related to the Qualcomm QDSP6v2 driver in Android, where certain data structures are not properly initialized in the audio utils.c file. This allows attackers to obtain sensitive information by using a crafted application. **Recommendations** For Android versions prior to 2016-10-05, update the operating system to a version released after 2016-10-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-10-05 on Nexus 9 devices **Description** The issue allows attackers to obtain sensitive information via a crafted application. **Recommendations** For Android versions prior to 2016-10-05 on Nexus 9 devices, update to a version released after 2016-10-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-09-05 on Nexus 5X and 6P devices **Description** A buffer overflow issue exists in the Qualcomm subsystem driver, specifically in the drivers/soc/qcom/subsystem restart.c file. This issue can be exploited by attackers to gain privileges via a crafted application that provides a long string. **Recommendations** For Android versions prior to 2016-09-05 on Nexus 5X and 6P devices, update to a version released after 2016-09-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-07-05 on Nexus 9 devices **Description** The issue is related to the NVIDIA camera driver in Android, which lacks protection of internal data. This allows attackers to obtain sensitive information via a crafted application. **Recommendations** For Android versions prior to 2016-07-05 on Nexus 9 devices, update the system to a version released after 2016-07-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NVIDIA camera driver versions prior to 2016-06-01 **Description** The issue is related to insufficient access control in the NVIDIA camera driver for the Android operating system. It allows a remote attacker to elevate their privileges using a specially crafted application. **Recommendations** For versions prior to 2016-06-01, update the NVIDIA camera driver to a version released after 2016-06-01 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-05-01 **Description** The issue is related to insufficient access control in the Qualcomm buspm driver of the Android operating system. It allows a remote attacker to elevate their privileges using a specially crafted application. **Recommendations** For Android versions prior to 2016-05-01, update the operating system to a version released after 2016-05-01 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-05-01 **Description** The issue is related to improper validation of entry data structures in the mediaserver component, specifically in the media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp file. This allows attackers to gain privileges via a crafted application, potentially obtaining Signature or SignatureOrSystem access. The vulnerability is associated with inadequate access control. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-05-01, ensure that the patch level is 2016-05-01 or later.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-05-01 **Description** The issue is related to insufficient access control in the Qualcomm buspm driver of the Android operating system. It allows a remote attacker to elevate their privileges using a specially crafted application. The estimated number of potentially affected devices is not specified. **Recommendations** For Android versions prior to 2016-05-01, update the operating system to a version released after 2016-05-01 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-04-01 **Description** The issue is related to a Qualcomm Power Management kernel driver in Android, which allows attackers to gain privileges via a crafted application that leverages root access. This is due to insufficient input validation, which can be exploited by a remote attacker to elevate their privileges using a specially crafted application that utilizes root access. **Recommendations** For Android versions prior to 2016-04-01, consider restricting root access to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid using applications that require root access to reduce the potential for privilege escalation.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-04-01 **Description** The issue is related to a video kernel driver component by Qualcomm in the Android operating system, which has insufficient access control. This can be exploited by a local attacker using a specially crafted application to elevate their privileges. **Recommendations** For Android versions prior to 2016-04-01, consider restricting access to the vulnerable video kernel driver as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-04-01 **Description** The issue is related to a Texas Instruments haptic kernel driver in Android, which has inadequate access control. This allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver. **Recommendations** For Android versions prior to 2016-04-01, update the system to a version released after 2016-04-01 to resolve the issue.