Giantpune

**Name of the Vulnerable Software and Affected Versions** Qualcomm Innovation Center (QuIC) Diagnostics kernel-mode driver versions for Android 2.3 through 4.2 **Description** The issue allows attackers to execute arbitrary code or cause a denial of service due to an incorrect pointer dereference. This can be achieved via an application that uses crafted arguments in a local `diagchar ioctl` call. **Recommendations** For versions of the Qualcomm Innovation Center (QuIC) Diagnostics kernel-mode driver for Android 2.3 through 4.2, consider restricting access to the `diagchar ioctl` call until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 2.3 through 4.2 **Description** The issue is related to an integer overflow in the diagchar core.c file of the Qualcomm Innovation Center (QuIC) Diagnostics kernel-mode driver. This allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local `diagchar ioctl` call. **Recommendations** For Android versions 2.3 through 4.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver versions for Android 2.3 through 4.2 **Description** The issue allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local `kgsl ioctl` call. **Recommendations** For versions of the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2, consider restricting access to the `kgsl ioctl` call until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.