Knifefish

Name of the Vulnerable Software and Affected Versions: Android versions prior to 15 Description: The issue concerns an out-of-bounds write in the handling of macro blocks for the MPEG4 codec in the libsavsvc.so library. This allows local attackers to write out-of-bounds memory. Recommendations: For versions prior to Android 15, update to Android 15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to SMR Oct-2024 Release 1 in select Android 12 and 13 Android versions prior to SMR Sep-2024 Release 1 in select Android 14 **Description** The issue is related to improper access control in the ActivityManager, allowing local attackers to execute privileged behaviors. **Recommendations** For Android 12 and 13, update to a version that includes the SMR Oct-2024 Release 1 or later to resolve the issue. For Android 14, update to a version that includes the SMR Sep-2024 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libSEF.quram.so versions prior to SMR Oct-2024 Release 1 **Description** The issue is related to an integer overflow in libSEF.quram.so, which allows local attackers to write out-of-bounds memory. This can be exploited by local attackers. **Recommendations** For versions prior to SMR Oct-2024 Release 1, update to SMR Oct-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the libSEF.quram.so library until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BGProtectManager versions prior to SMR Sep-2024 Release 1 **Description** The issue is related to improper access control, allowing local attackers to bypass the restriction of process expiration. This can be exploited by local attackers. **Recommendations** For versions prior to SMR Sep-2024 Release 1, update to SMR Sep-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** My Files versions prior to SMR Sep-2024 Release 1 **Description** The issue allows physical attackers to access directories with My Files' privilege due to a path traversal problem. **Recommendations** For versions prior to SMR Sep-2024 Release 1, update to SMR Sep-2024 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: isemtelephony versions prior to Android 15 Description: The issue is related to improper access control in isemtelephony, allowing local attackers to access sensitive information. Recommendations: For versions prior to Android 15, update to Android 15 or later to resolve the issue.