Marius Muench

**Name of the Vulnerable Software and Affected Versions** Windows Virtualization-Based Security (VBS) Enclave (affected versions not specified) **Description** An untrusted pointer dereference in the Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to locally bypass a security feature. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 990 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 850 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 1080 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 1280 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2200 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 1330 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 1380 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 1480 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2400 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 1580 Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9110 Samsung Mobile Processor, Wearable Processor, and Modem W920 Samsung Mobile Processor, Wearable Processor, and Modem W930 Samsung Mobile Processor, Wearable Processor, and Modem W1000 Samsung Modem 5123 Samsung Modem 5300 Samsung Modem 5400 **Description** An issue exists in Samsung Mobile Processor, Wearable Processor, and Modem Exynos and Modem components due to a programming mistake related to buffer copy, leading to out-of-bounds writes via malformed ROHC packets. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos versions 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300 **Description** The issue is related to a heap buffer overflow, which can cause a USAT out-of-bounds write, leading to a Denial of Service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Wearable Processor and Modems versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300 **Description** A vulnerability was discovered that allows an out-of-bounds write in the heap in 2G, which does not require authentication. **Recommendations** For versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Mobile Processor, Wearable Processor, and Modems versions Exynos 9820 through Exynos 2400 Samsung Mobile Processor, Wearable Processor, and Modems versions Exynos 9110, Exynos W920, Exynos W930 Samsung Mobile Processor, Wearable Processor, and Modems versions Exynos Modem 5123, Exynos Modem 5300 **Description** A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems that involves a NULL pointer dereference. This can cause abnormal termination of a mobile phone via a manipulated packet. **Recommendations** For versions Exynos 9820 through Exynos 2400, update to a version that includes a fix for the NULL pointer dereference issue. For versions Exynos 9110, Exynos W920, Exynos W930, update to a version that includes a fix for the NULL pointer dereference issue. For versions Exynos Modem 5123, Exynos Modem 5300, update to a version that includes a fix for the NULL pointer dereference issue. As a temporary workaround, consider restricting the reception of manipulated packets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Mobile Processor, Wearable Processor, and Modems versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 **Description** A vulnerability was discovered that allows an out-of-bounds write in the heap in 2G, which does not require authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samsung Exynos versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 **Description** A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems that allows out-of-bounds access to a heap buffer in the SIM Proactive Command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) oneAPI DPC++/C++ Compiler versions prior to 2022.2.1 Intel C++ Compiler Classic versions prior to 2021.7.1 Intel(R) oneAPI Toolkits versions prior to 2022.3.1 **Description** The issue is related to improper access control in the Intel(R) oneAPI DPC++/C++ Compiler and Intel C++ Compiler Classic, which may allow an authenticated user to potentially enable escalation of privilege via local access. This vulnerability is associated with deficiencies in access control, which can be exploited by an attacker to elevate their privileges. **Recommendations** For Intel(R) oneAPI DPC++/C++ Compiler versions prior to 2022.2.1, update to version 2022.2.1 or later. For Intel C++ Compiler Classic versions prior to 2021.7.1, update to version 2021.7.1 or later. For Intel(R) oneAPI Toolkits versions prior to 2022.3.1, update to version 2022.3.1 or later.