Le Wu

**Name of the Vulnerable Software and Affected Versions** Trusted Application Environment (affected versions not specified) **Description** The issue is related to memory corruption due to use after free in the trusted application environment. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue is related to a transient denial-of-service in automotive systems, caused by improper input validation while parsing ELF files. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon (affected versions not specified) **Description** The issue is related to a denial of service in WLAN due to a potential null pointer dereference while accessing a memory location. This affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, and Wearables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MTP driver versions prior to SMR Sep-2022 Release 1 **Description** The issue is related to a use after free vulnerability in the `mtp send signal` function of the MTP driver. This vulnerability allows attackers to perform malicious actions. **Recommendations** For versions prior to SMR Sep-2022 Release 1, update to SMR Sep-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the MTP driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon (affected versions not specified) **Description** A memory corruption issue occurs due to a buffer overflow when processing an invalid MKV clip with an invalid seek header. This issue affects various Qualcomm Snapdragon products, including Auto, Compute, Connectivity, Industrial IOT, Mobile, and Wearables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon (affected versions not specified) **Description** The issue is related to memory corruption in the video driver due to a double free error that occurs while parsing an ASF clip. This problem affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon (affected versions not specified) **Description** The issue is related to memory corruption caused by incorrect pointer arithmetic. This occurs when attempting to change the endianness in the video parser function. The estimated number of potentially affected devices worldwide is not available. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GPU Display Driver (affected versions not specified) **Description** The issue is related to insecure privilege management in the NVIDIA GPU Display Driver. It may allow an attacker to cause a denial of service or escalate their privileges. A local user with basic capabilities can cause improper input validation, potentially leading to denial of service, escalation of privileges, data tampering, and limited information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: livfivextractor library versions prior to SMR Oct-2021 Release 1 Description: The issue is related to a lack of boundary checking of a buffer in the livfivextractor library, which allows an out-of-bounds (OOB) read. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: libsaacextractor.so library prior to SMR Sep-2021 Release 1 Description: The issue is related to an out-of-bounds (OOB) read vulnerability in the libsaacextractor.so library. This vulnerability allows attackers to execute a remote Denial of Service (DoS) via a forged aac file. Recommendations: For libsaacextractor.so library prior to SMR Sep-2021 Release 1: Update to a version released after SMR Sep-2021 Release 1 to resolve the issue. As a temporary workaround, consider restricting access to potentially forged aac files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: libsdffextractor library versions prior to SMR MAY-2021 Release 1 Description: The issue is related to an improper input validation vulnerability in the `sdfffd parse chunk PROP()` function. This vulnerability allows attackers to execute arbitrary code on the mediaextractor process. Recommendations: For versions prior to SMR MAY-2021 Release 1, update to SMR MAY-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `sdfffd parse chunk PROP()` function in the libsdffextractor library until a patch is available.

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Recommendations: For Android versions Android-10 through Android-11, apply the patch with ID ALPS05371580 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Recommendations: For Android versions Android-10 through Android-11, apply the patch with ID ALPS05371580 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: The issue is related to a possible memory corruption due to a race condition in vow. This could lead to local escalation of privilege, with System execution privileges needed. User interaction is required for exploitation. Recommendations: For Android versions Android-10 through Android-11, apply the patch with ID ALPS05418265 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android version Android-11 Description: In netdiag, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Recommendations: For Android version Android-11, apply the patch with ID ALPS05475124 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: In the performance driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Recommendations: For Android versions Android-10 through Android-11, apply the patch with ID ALPS05466547 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Recommendations: For Android versions Android-10 through Android-11, apply the patch with ID ALPS05471418 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android versions Android-8.1 through Android-11 Description: The issue is related to a possible out of bounds read due to a missing bounds check in the ccu component. This could lead to local information disclosure, requiring System execution privileges. User interaction is necessary for exploitation. Recommendations: For Android versions Android-8.1 through Android-11, apply the patch with ID ALPS05377188 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: The issue is related to an incorrect bounds check in vpu, which could lead to a possible out of bounds write. This could result in local escalation of privilege, with System execution privileges needed for exploitation. User interaction is not required for exploitation. Recommendations: For Android versions Android-10 through Android-11, apply the patch with ID ALPS05371580 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: The issue is related to improper input validation in mobile log d, which could lead to a local escalation of privilege. System execution privileges are needed for exploitation, and user interaction is not required. Recommendations: For Android versions Android-10 through Android-11, apply the patch with ID ALPS05432974 to resolve the issue.