Pengfei Ding

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon versions (affected versions not specified) **Description** The issue is related to memory corruption in the camera due to improper validation of an array index. This affects various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon (affected versions not specified) **Description** The issue is related to memory corruption due to a double free problem in the kernel of Snapdragon products, including Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, and Snapdragon Mobile. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2017-08-05 **Description** The issue allows information disclosure for the kernel. A user could set an arbitrary kernel address, potentially leading to information disclosure. This occurs when a kernel memory address is passed from userspace through the `iris vidioc s ext ctrls` ioctl. **Recommendations** For Android versions prior to 2017-08-05, update to a version released after 2017-08-05 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 Description: The issue is related to a memory double free vulnerability, where the system fails to manage memory properly, leading to the freeing of the same memory address twice. An attacker could trick a user with root privilege into installing a crafted application, potentially resulting in malicious code execution. Recommendations: For LON-AL00BC00B139D, update the software to a version that properly manages memory allocation to prevent double free vulnerabilities. For LON-AL00BC00B229, apply a patch that corrects the memory management issue to prevent exploitation. For LON-L29DC721B188, restrict the installation of crafted applications until a software update that fixes the memory double free issue is available.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** The issue is caused by an off-by-one error in a camera driver, which can lead to an out-of-bounds read/write. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to an elevation of privilege vulnerability in the Upstream kernel scsi driver. This affects the Android product. **Recommendations** For Android kernel, apply the fix provided in Android ID A-35644812 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 **Description** A denial of service issue exists in the Android media framework, specifically in the hevc decoder. This issue may allow for a denial of service attack. **Recommendations** For Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.2 **Description** A denial of service issue exists in the Android media framework, specifically in libavc. **Recommendations** For Android versions 6.0 through 7.1.2, update to a version that contains a fix for this issue.