Gyorgy Miru

Name of the Vulnerable Software and Affected Versions: Vision DSP kernel driver versions prior to SMR Oct-2021 Release 1 Description: The issue allows for privilege escalation to Root by hijacking loaded library, assuming system privilege is gained. This is due to possible buffer overflow vulnerabilities in the Vision DSP kernel driver. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Vision DSP kernel driver to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: mfc driver versions prior to SMR Oct-2021 Release 1 Description: The issue is related to memory corruption via a NULL-pointer dereference in the mfc driver. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Huawei Smartphone (affected versions not specified) **Description** The issue is related to insufficient input validation, which may allow a remote attacker to disclose protected information or cause a denial of service. Successful exploitation of this vulnerability may cause an out-of-bounds read. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: DSP driver versions prior to SMR Sep-2021 Release 1 Description: The issue is related to an improper input validation vulnerability. This allows local attackers to obtain limited kernel memory information. Recommendations: For versions prior to SMR Sep-2021 Release 1, update to SMR Sep-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: DSP driver versions prior to SMR Sep-2021 Release 1 Description: The issue is related to an improper input validation vulnerability in the loading of graph files in the DSP driver. This vulnerability allows attackers to perform a permanent denial of service on the device. Recommendations: For versions prior to SMR Sep-2021 Release 1, update to SMR Sep-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the graph file loading functionality in the DSP driver until a patch is available.

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to configuring permission isolation in smartphones. Successful exploitation may cause out-of-bounds access. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Huawei Smartphone (affected versions not specified) Description: The issue is related to an incorrect calculation of buffer size, which may lead to verification bypass and directions to abnormal addresses. Successful exploitation of this issue can cause these consequences. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Circontrol CirCarLife versions prior to 4.3.1 **Description** The issue allows authentication to the device to be bypassed by entering the URL of a specific page. **Recommendations** For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue.