Mounir Elgharabawy

Name of the Vulnerable Software and Affected Versions: Security Mode Command process versions prior to SMR Oct-2021 Release 1 Description: The issue is related to a lack of replay attack protection in the Security Mode Command process. This can lead to denial of service on mobile network connections and cause battery depletion. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Security Mode Command process to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: APAService versions prior to SMR Sep-2021 Release 1 Description: The issue is caused by an improper length check in APAService, resulting in a stack-based Buffer Overflow. Recommendations: For versions prior to SMR Sep-2021 Release 1, update to SMR Sep-2021 Release 1 or later to resolve the issue.