Leoaccount

Name of the Vulnerable Software and Affected Versions: ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 Description: The issue is caused by an integer overflow due to missing size argument checks in the `tpdbg write` function within the `ft5x46 ts.c` file. This can be exploited to crash a device via a syscall by a crafted application on a rooted device. Recommendations: For the ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26, consider disabling the `tpdbg write` function in `drivers/input/touchscreen/ft5x46/ft5x46 ts.c` as a temporary workaround to prevent device crashes until a patch is available.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to integer overflows in the led driver for custom Linux kernels, specifically in the `drivers/leds/leds-aw2023.c` file. This occurs due to a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. A crafted application can exploit this for denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 **Description** The issue is caused by an integer overflow due to missing checks of the `count` argument in the `sde evtlog filter write` function in `drivers/gpu/drm/msm/sde dbg.c`. This can be exploited to cause a device crash via a syscall by a crafted application on a rooted device. **Recommendations** For the msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26, consider disabling the `sde evtlog filter write` function as a temporary workaround until a patch is available. Restrict access to the `drivers/gpu/drm/msm/sde dbg.c` module to minimize the risk of exploitation. Avoid using the `count` argument in the affected syscall until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 **Description** The issue is caused by an integer overflow due to missing checks of the `count` argument in the ` sde debugfs conn cmd tx write` function in `drivers/gpu/drm/msm/sde/sde connector.c`. This can be exploited to cause a device crash via a syscall by a crafted application on a rooted device. **Recommendations** For the msm gpu driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26, consider disabling the ` sde debugfs conn cmd tx write` function in `drivers/gpu/drm/msm/sde/sde connector.c` to prevent exploitation until a patch is available. Restrict access to the `sde connector.c` module to minimize the risk of exploitation. Avoid using the `count` argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Goodix GT9xx touchscreen driver versions prior to the version that fixes the NULL pointer dereference issue **Description** The issue is related to a NULL pointer dereference in the kfree function after a kmalloc failure in the gtp read Color function, located in the gt9xx.c file. This problem affects custom Linux kernels on specific Xiaomi devices, including Mi A2 Lite and RedMi6 pro, as used through 2018-08-27. **Recommendations** For the Goodix GT9xx touchscreen driver, as a temporary workaround, consider disabling the gtp read Color function in the gt9xx.c file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AdPlug version 2.3.1 **Description** An issue was discovered in the CEmuopl class in emuopl.cpp, where several double-free vulnerabilities exist due to a destructor's two OPLDestroy calls, each of which frees `TL TABLE`, `SIN TABLE`, `AMS TABLE`, and `VIB TABLE`. **Recommendations** For AdPlug version 2.3.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.