Federico Menarini

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned. **Description** The issue is related to information disclosure. No further details are provided about the nature of the disclosure or its potential impact. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue concerns remote code execution. No additional details are provided about the nature of the issue, affected devices, or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned. **Description** The issue concerns elevation of privilege. No additional details are provided about the nature of the issue, affected devices, or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue concerns remote code execution. No additional details are provided about the nature of the issue, affected devices, or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions mentioned. **Description** The issue concerns elevation of privilege. No additional details are provided about the nature of the issue, affected devices, or real-world incidents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue concerns remote code execution. There is no additional information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** StrongBox (affected versions not specified) **Description** The issue arises when the Trusted Execution Environment (TEE) is compromised, allowing attackers to exploit improper state maintenance in StrongBox. This enables them to change the Android Root of Trust (ROT) during the device boot cycle. The patch to prevent this issue is applied in the Galaxy S22, specifically to prevent changes to the Android ROT after its first initialization at boot time. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RPMB ldfw versions prior to SMR Feb-2022 Release 1 **Description** The issue is related to an improper boundary check in RPMB ldfw, which allows for arbitrary memory write and code execution. **Recommendations** For versions prior to SMR Feb-2022 Release 1, update to SMR Feb-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RPMB ldfw versions prior to SMR Feb-2022 Release 1 **Description** The issue is related to improper input validation in the SMC SRPMB WSM handler of RPMB ldfw, allowing arbitrary memory write and code execution. **Recommendations** For versions prior to SMR Feb-2022 Release 1, update to SMR Feb-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CPLC versions prior to SMR Dec-2021 Release 1 **Description** The issue is related to improper access control, allowing local attackers to access CPLC information without permission. **Recommendations** For versions prior to SMR Dec-2021 Release 1, update to SMR Dec-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LDFW and BL31 versions prior to SMR Dec-2021 Release 1 **Description** The issue is related to an improper boundary check in the secure log of LDFW and BL31, which allows for arbitrary memory write and code execution. **Recommendations** For versions prior to SMR Dec-2021 Release 1, update to SMR Dec-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LDFW versions prior to SMR Dec-2021 Release 1 **Description** The issue is related to improper input validation, which allows attackers to perform arbitrary code execution. **Recommendations** For versions prior to SMR Dec-2021 Release 1, update to SMR Dec-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HDCP LDFW versions prior to SMR Nov-2021 Release 1 **Description** A missing input validation in HDCP LDFW allows attackers to overwrite TZASC, which can lead to TEE compromise. **Recommendations** For versions prior to SMR Nov-2021 Release 1, update to SMR Nov-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HDCP versions prior to SMR Nov-2021 Release 1 **Description** The issue is related to improper input validation, which allows attackers to execute arbitrary code. **Recommendations** For versions prior to SMR Nov-2021 Release 1, update to SMR Nov-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Widevine trustlet versions prior to SMR Oct-2021 Release 1 Description: A possible guessing and confirming a byte memory vulnerability allows attackers to read arbitrary memory addresses. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: TEEGRIS secure OS versions prior to SMR Oct-2021 Release 1 Description: The issue is related to an improper caller check logic of SMC call in the TEEGRIS secure OS, which can be used to compromise the Trusted Execution Environment (TEE). Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Widevine trustlet versions prior to SMR Oct-2021 Release 1 Description: A possible stack-based buffer overflow issue allows arbitrary code execution. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue.