Daniel Micay

**Name of the Vulnerable Software and Affected Versions** Samsung S4 (GT-I9500) kernel versions 3.4 and earlier **Description** The issue in the samsung extdisp driver allows attackers to potentially obtain sensitive information. **Recommendations** For kernel versions 3.4 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 7.0 through 7.1.1 **Description** A remote code execution issue in the Surfaceflinger service could allow an attacker to cause memory corruption during media file and data processing by using a specially crafted file. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. The vulnerability is caused by a buffer overflow in memory, which can be exploited by a remote attacker to inject arbitrary code. **Recommendations** For Android versions 7.0 through 7.1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2 through 7.1.1 **Description** An elevation of privilege issue in the Framework APIs could allow a local malicious application to execute arbitrary code within the context of a privileged process. This issue could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. The vulnerability is related to insufficient access control in the Framework APIs. **Recommendations** For Android versions 5.0.2 through 7.1.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 **Description** An information disclosure issue in the Mediaserver component of the Android operating system could allow a local malicious application to access data outside of its permission levels, potentially leading to unauthorized access to sensitive data. This issue could also be exploited by a remote attacker to cause a denial of service or other system impact. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.x before 2016-10-01 Android versions 7.0 before 2016-10-01 **Description** The issue relies on variable-length arrays in libril/RilSapSocket.cpp, which allows attackers to gain privileges via a crafted application. **Recommendations** For Android versions 6.x before 2016-10-01, update to a version released after 2016-10-01 to resolve the issue. For Android versions 7.0 before 2016-10-01, update to a version released after 2016-10-01 to resolve the issue.