Seven Shen

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 8.0 **Description** The issue is related to insufficient access control in the Android operating system's messaging component. It may allow a remote attacker to cause a denial of service. **Recommendations** For Android versions 6.0 through 8.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.2 **Description** A denial of service issue exists in the Android media framework, specifically in the libmpeg2 component. This issue does not mention any estimated number of potentially affected devices or real-world incidents. **Recommendations** For Android versions 6.0 through 7.1.2, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 8.0 **Description** A denial of service vulnerability in the Android media framework is related to insufficient access control in the libhevc library of the Media Framework service. This issue can allow a remote attacker to execute arbitrary code in the context of a privileged process. **Recommendations** For Android versions 6.0 through 8.0, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** The issue is related to an information disclosure vulnerability in the Qualcomm sound driver, which could allow a local malicious application to access data outside of its permission levels. This requires compromising a privileged process. The vulnerability is related to a lack of protection for service data, which could allow an attacker to violate data confidentiality using a local malicious application. **Recommendations** For Android versions Kernel-3.10 through Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is related to a lack of access control in the DTS sound driver of the Android operating system. It allows a remote attacker to execute arbitrary code within the context of the kernel using a special application. This is an elevation of privilege issue that could enable a local malicious application to execute arbitrary code within the context of the kernel, but it first requires compromising a privileged process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 **Description** The issue is related to an information disclosure vulnerability in the Qualcomm camera driver, which could allow a local malicious application to access data outside of its permission levels. This is rated as Low because it first requires compromising a privileged process. The vulnerability is associated with a lack of protection for service data and could potentially allow a remote attacker to cause a denial of service or other system impact. **Recommendations** For Android version Kernel-3.10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 **Description** The issue is related to insufficient access control in the Broadcom Wi-Fi driver of the Android operating system. It may allow a remote attacker to execute arbitrary code. This is an elevation of privilege issue that could enable a local malicious application to execute arbitrary code within the context of the kernel. The issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. **Recommendations** For Android versions Kernel-3.10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10, Kernel-3.18 **Description** An information disclosure issue in Qualcomm components, including the camera driver and video driver, could allow a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. **Recommendations** For Android versions Kernel-3.10, Kernel-3.18, consider restricting access to sensitive data until a patch is available. As a temporary workaround, consider disabling the camera driver and video driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to an elevation of privilege vulnerability in the Qualcomm sound codec driver, which is associated with insufficient access control. This could allow a remote attacker to elevate their privileges and execute arbitrary code using a specially crafted application. **Recommendations** For Android kernel, consider restricting access to the Qualcomm sound codec driver until a patch is available. As a temporary workaround, avoid using the Qualcomm sound codec driver in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-10-01 Android versions 7.0 before 2016-10-01 **Description** The issue allows remote attackers to cause a denial of service, resulting in a device hang or reboot, via a crafted file. **Recommendations** For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-10-01, update to a version released on or after 2016-10-01. For Android versions 7.0 before 2016-10-01, update to a version released on or after 2016-10-01.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-09-05 **Description** The issue allows attackers to obtain sensitive information via a crafted application. **Recommendations** For Android versions prior to 2016-09-05, update to a version released after 2016-09-05 to resolve the issue.