Mingjian_Zhou

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** The issue is related to an information disclosure vulnerability in the Android media framework, specifically in the `audioflinger` component. This vulnerability is associated with a lack of protection for sensitive data. Exploitation of this issue could allow a remote attacker to disclose protected information. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to a component of the Android operating system, specifically the MediaTek libmtkomxvdec, which has a flaw in access control. This flaw can be exploited by a remote attacker to elevate their privileges. **Recommendations** For Android kernel, consider restricting access to the vulnerable component until a patch is available. As a temporary workaround, avoid using the affected libmtkomxvdec library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** A information disclosure vulnerability exists in the Android media framework, specifically in libhevc. This issue may allow for the disclosure of sensitive information. **Recommendations** For Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** A elevation of privilege vulnerability exists in the Android media framework, specifically in the mpeg4 encoder. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 **Description** The issue is related to insufficient access control in the libmediaplayerservice library of the Android Media Framework. It allows a remote attacker to elevate their privileges. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, update to a version that includes the fix for the elevation of privilege vulnerability in the Android media framework. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 8.0 **Description** The issue is related to a remote code execution vulnerability in the Android media framework, specifically in the libstagefright library. This vulnerability is associated with inadequate access control. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For Android versions 6.0 through 8.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.2 **Description** The issue is related to a remote code execution vulnerability in the Android media framework. It is associated with insufficient access control in the Android operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For Android versions 6.0 through 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.2 **Description** The issue is related to a remote code execution vulnerability in the Android media framework. It is associated with insufficient access control, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Android versions 6.0 through 7.1.2, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** The issue is related to an elevation of privilege vulnerability in the Android framework, which is associated with insufficient access control. This vulnerability can be exploited by a remote attacker to gain elevated privileges. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** The issue is related to an elevation of privilege vulnerability in the Android framework, which is associated with insufficient access control. This vulnerability can be exploited by a remote attacker to gain elevated privileges. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** The issue is related to an elevation of privilege vulnerability in the Android framework, which is associated with insufficient access control. This vulnerability can be exploited by a remote attacker to gain elevated privileges. **Recommendations** For Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.2 **Description** The issue is related to an elevation of privilege vulnerability in the Android media framework, which can be exploited by a remote attacker to gain elevated privileges. This vulnerability is associated with inadequate access control in the Android operating system. **Recommendations** For Android versions 6.0 through 7.1.2, update to a version that contains a fix for this issue, as no specific workaround or mitigation measures are provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** The issue is related to a remote code execution vulnerability in the Android media framework. It is also associated with insufficient access control in the Android operating system, which can allow a remote attacker to execute arbitrary code. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 7.0, 7.1.1, 7.1.2, 8.0 **Description** The issue is related to an elevation of privilege vulnerability in the Android media framework, specifically in the libstagefright library. This vulnerability is associated with insufficient access control, which can be exploited by a remote attacker to gain elevated privileges. **Recommendations** For Android versions 7.0, 7.1.1, 7.1.2, 8.0, update to a version that includes the fix for the libstagefright library issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 **Description** The issue is related to insufficient access control in the libeffects library of the Android Media Framework, which can be exploited by a remote attacker to elevate their privileges. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 7.0, 7.1.1, 7.1.2 **Description** A information disclosure vulnerability in the Android media framework may allow a remote attacker to access protected data or execute arbitrary code in the context of a privileged process. **Recommendations** For Android versions 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is related to an elevation of privilege vulnerability in the Audioserver component of the Android operating system, which is associated with insufficient access control. This vulnerability could allow a local malicious application to execute arbitrary code within the context of a privileged process. The issue is rated as Moderate due to mitigation by current platform configurations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 **Description** An information disclosure issue in Audioserver could allow a local malicious application to access data outside of its permission levels, potentially accessing sensitive data without permission. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 **Description** An elevation of privilege issue in Audioserver could allow a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 **Description** An elevation of privilege issue in Audioserver could allow a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, update to a version that includes the fix for Android ID: A-32703959 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.