Lubo Zhang

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** A race condition potentially exists in the ioctl handler of a sound driver in Android, caused by synchronization errors when using a shared resource. This issue may allow a remote attacker to cause a device to hang or deny service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** An elevation of privilege issue in the kernel ION subsystem could allow a local malicious application to execute arbitrary code within the context of the kernel, potentially leading to a local permanent device compromise. This may require reflashing the operating system to repair the device. The issue is related to insufficient access control in the ION subsystem. **Recommendations** For Android versions Kernel-3.10 through Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 7.0 through 7.1.1 **Description** A remote denial of service issue in libskia could allow an attacker to use a specially crafted file to cause a device hang or reboot. This issue is related to inadequate access control in the libskia service of the Android operating system. The exploitation of this issue may enable a remote attacker to cause device hang or reboot using a specially crafted file. **Recommendations** For Android versions 7.0 through 7.1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** The issue is related to insufficient access control in the Qualcomm sound driver of the Android operating system. It allows a remote attacker to execute arbitrary code within the context of the kernel, but first requires compromising a privileged process. This problem is considered high-risk. **Recommendations** For Android versions Kernel-3.10 through Kernel-3.18, update to a version that includes the fix for this issue, as referenced by Android ID: A-31252384. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-05-01 on Nexus 9 devices **Description** The issue is related to the NVIDIA video driver in Android, which has inadequate access control. This allows an attacker to gain privileges via a crafted application. The estimated number of potentially affected devices is not specified. **Recommendations** For Android versions prior to 2016-05-01 on Nexus 9 devices, update the system to a version released after 2016-05-01 to resolve the issue. As a temporary workaround, consider restricting the installation of applications from unknown sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Avtimer Driver (affected versions not specified) **Description** The issue is related to a NULL pointer dereference error in the Qualcomm Avtimer driver, which can lead to information disclosure. A local malicious user could exploit this to obtain sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.