Hanxiang Wen

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.2 **Description** The issue is related to a remote code execution vulnerability in the Android media framework. It is associated with insufficient access control, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Android versions 6.0 through 7.1.2, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** The issue is related to an elevation of privilege vulnerability in the Android framework, which is associated with insufficient access control. This vulnerability can be exploited by a remote attacker to gain elevated privileges. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** The issue is related to an elevation of privilege vulnerability in the Android framework, which is associated with insufficient access control. This vulnerability can be exploited by a remote attacker to gain elevated privileges. **Recommendations** For Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** The issue is related to a remote code execution vulnerability in the Android media framework. It is also associated with insufficient access control in the Android operating system, which can allow a remote attacker to execute arbitrary code. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.2 **Description** The issue is related to a remote code execution vulnerability in the Android media framework. It is associated with insufficient access control in the Android operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For Android versions 6.0 through 7.1.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 **Description** The issue is related to insufficient access control in the Audioserver application of the Android operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code in the context of a privileged process. This problem is considered high because it can be used to gain local access to elevated capabilities that are not normally accessible to third-party applications. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 **Description** The issue is related to insufficient access control in the Audioserver application of the Android operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code in the context of a privileged process using a local malicious application. This problem is considered high because it can be used to gain local access to elevated capabilities that are not normally accessible to third-party applications. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 **Description** An elevation of privilege issue in Audioserver could allow a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. **Recommendations** For versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, update to a version that includes the fix for Android ID: A-32703959 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in the kernel performance subsystem. It could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. **Recommendations** For versions Kernel-3.10 through Kernel-3.18, consider restricting access to the kernel performance subsystem as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.