Chao Ma

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 980 through 9825 Samsung Mobile Processor Exynos versions 990 Samsung Mobile Processor Exynos versions 850 Samsung Mobile Processor Exynos versions 1080 Samsung Mobile Processor Exynos versions 2100 Samsung Mobile Processor Exynos versions 1280 Description: An issue was discovered in Samsung Mobile Processor Exynos. The lack of a length check leads to a stack out-of-bounds write at `loadInputBuffers`. Recommendations: For Samsung Mobile Processor Exynos versions 980 through 9825, consider disabling the `loadInputBuffers` function until a patch is available. For Samsung Mobile Processor Exynos version 990, restrict access to the vulnerable module to minimize the risk of exploitation. For Samsung Mobile Processor Exynos version 850, avoid using the vulnerable parameter in the affected API endpoint until the issue is resolved. For Samsung Mobile Processor Exynos versions 1080, 2100, and 1280, as a temporary workaround, consider restricting the use of the vulnerable component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 980 through 9825 Samsung Mobile Processor Exynos versions 990 Samsung Mobile Processor Exynos versions 850 Samsung Mobile Processor Exynos versions 1080 Samsung Mobile Processor Exynos versions 2100 Samsung Mobile Processor Exynos versions 1280 Description: An issue was discovered in Samsung Mobile Processor Exynos. The lack of a length check leads to a stack out-of-bounds write at `loadOutputBuffers`. Recommendations: For Samsung Mobile Processor Exynos versions 980 through 9825, consider disabling the `loadOutputBuffers` function until a patch is available. For Samsung Mobile Processor Exynos version 990, restrict access to the vulnerable module to minimize the risk of exploitation. For Samsung Mobile Processor Exynos version 850, avoid using the vulnerable function until the issue is resolved. For Samsung Mobile Processor Exynos version 1080, consider applying configuration changes to mitigate the risk. For Samsung Mobile Processor Exynos version 2100, restrict the use of the vulnerable component to minimize the risk of exploitation. For Samsung Mobile Processor Exynos version 1280, consider disabling the vulnerable function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Galaxy S24 versions prior to Firmware update Sep-2024 Release **Description** The issue is an out-of-bounds write in the usb driver, allowing local attackers to write out-of-bounds memory. This requires system privilege to trigger. **Recommendations** For Galaxy S24 versions prior to Firmware update Sep-2024 Release, update to the Sep-2024 Release or later to resolve the issue. As a temporary workaround, consider restricting access to the usb driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Galaxy S24 versions prior to Firmware update Sep-2024 Release **Description** The issue is related to an out-of-bounds write in the Battery Full Capacity node, allowing local attackers to write out-of-bounds memory. System privilege is required for triggering this issue. **Recommendations** For Galaxy S24 versions prior to Firmware update Sep-2024 Release, update to the Sep-2024 Release or later to resolve the issue. As a temporary workaround, consider restricting system privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Mobile Processor Exynos versions 850, 9610, 980, 1280, 1380, 1330, W920, and W930 **Description** A vulnerability was discovered where the processor does not properly check a pointer address, which can lead to information disclosure. **Recommendations** For Exynos 850, update to a version that properly checks pointer addresses. For Exynos 9610, update to a version that properly checks pointer addresses. For Exynos 980, update to a version that properly checks pointer addresses. For Exynos 1280, update to a version that properly checks pointer addresses. For Exynos 1380, update to a version that properly checks pointer addresses. For Exynos 1330, update to a version that properly checks pointer addresses. For Exynos W920, update to a version that properly checks pointer addresses. For Exynos W930, update to a version that properly checks pointer addresses.

**Name of the Vulnerable Software and Affected Versions** Samsung Mobile Processor Exynos versions 980 through 2400 **Description** A time-of-check to time-of-use (TOCTOU) race condition was discovered, which can lead to a Denial of Service. This issue affects various Samsung Mobile Processor Exynos models. **Recommendations** For Samsung Mobile Processor Exynos versions 980 through 2400, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Mobile Processors Exynos versions 1280, 2200, 1330, 1380, and 2400 **Description** A vulnerability was discovered in Samsung Mobile Processors where they do not properly check the length of the data, which can lead to information disclosure. **Recommendations** For Samsung Mobile Processors Exynos versions 1280, 2200, 1330, 1380, and 2400, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneUIHome versions prior to SMR Jul-2024 Release 1 **Description** The issue is related to improper access control, allowing local attackers to launch privileged activities. User interaction is required to trigger this issue. **Recommendations** For versions prior to SMR Jul-2024 Release 1, update to the SMR Jul-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive activities to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** caminfo driver versions prior to SMR Jun-2024 Release 1 **Description** The issue is related to improper input validation in the caminfo driver, allowing local privileged attackers to write out-of-bounds memory. This can be exploited by local privileged attackers. **Recommendations** For versions prior to SMR Jun-2024 Release 1, update to SMR Jun-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the caminfo driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Huawei HarmonyOS/EMUI versions 3.0.0 through 4.0.0 **Description** The issue is a double-free vulnerability in the RSMC module. Successful exploitation of this vulnerability will affect availability, potentially leading to system compromise. **Recommendations** For Huawei HarmonyOS/EMUI versions 3.0.0 through 4.0.0, update the affected systems immediately and monitor for signs of exploit.

**Name of the Vulnerable Software and Affected Versions** HarmonyOS (affected versions not specified) **Description** The issue is related to an out-of-bounds access vulnerability in the memory module. Successful exploitation of this vulnerability will affect availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HarmonyOS (affected versions not specified) **Description** The issue is related to an insufficient verification vulnerability in the baseband module. Successful exploitation of this vulnerability will affect availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RSMC module (affected versions not specified) **Description** The issue is a double-free vulnerability in the RSMC module. Successful exploitation of this vulnerability will affect availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Power module (affected versions not specified) **Description** The issue is related to an input verification vulnerability in the power module. Successful exploitation of this vulnerability will affect availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue involves the vulnerability of input parameters not being strictly verified in the RSMC module. Successful exploitation of this issue may cause an out-of-bounds write. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RSMC module (affected versions not specified) **Description** The issue is an out-of-bounds write vulnerability in the RSMC module. Successful exploitation of this vulnerability will affect availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is an out-of-bounds write vulnerability in the RSMC module. Successful exploitation of this vulnerability will affect availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kernel module (affected versions not specified) **Description** The issue concerns data verification errors in the kernel module. Successful exploitation may affect service confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kernel module (affected versions not specified) **Description** The issue is related to data verification errors in the kernel module. Successful exploitation of this issue may affect service confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A race condition vulnerability exists in the Wi-Fi module. Successful exploitation of this issue will affect availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.