Peter Pi

**Name of the Vulnerable Software and Affected Versions** Samsung Mobile Processors Exynos versions 2200 through 2400 **Description** A vulnerability was discovered in Samsung Mobile Processors where they lack a check for the validation of native handles, which can result in a Denial of Service attack by unmapping an invalid length. **Recommendations** For Samsung Mobile Processors Exynos versions 2200 through 2400, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Huawei Honor V10 smartphones versions earlier than 9.0.0.156(C00E156R2P14T8) Huawei Honor 10 smartphones versions earlier than 9.0.0.156(C00E156R1P20T8) Huawei Honor Play smartphones versions earlier than 9.0.0.156(C00E156R1P13T8) **Description** The issue is related to a race condition that can be exploited by an attacker who tricks the user into installing a malicious application. This application can cause multiple processes to operate on the same variable at the same time, potentially leading to the execution of malicious code. **Recommendations** For Huawei Honor V10 smartphones versions earlier than 9.0.0.156(C00E156R2P14T8), update to version 9.0.0.156(C00E156R2P14T8) or later. For Huawei Honor 10 smartphones versions earlier than 9.0.0.156(C00E156R1P20T8), update to version 9.0.0.156(C00E156R1P20T8) or later. For Huawei Honor Play smartphones versions earlier than 9.0.0.156(C00E156R1P13T8), update to version 9.0.0.156(C00E156R1P13T8) or later.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** The issue is related to a lack of protection for internal data in kernel components, including the ION subsystem, Binder, USB driver, and networking subsystem. This could allow a local malicious application to access data outside of its permission levels. The exploitation of this issue requires a privileged process to be compromised first. It is estimated as a moderate issue. **Recommendations** For Android versions Kernel-3.10 through Kernel-3.18, update to a version that includes the fix for this issue to prevent potential data access outside of permission levels. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.2 Apple OS X versions prior to 10.11.5 Apple tvOS versions prior to 9.2.1 **Description** The issue is caused by a heap-based buffer overflow in the IOHIDFamily component, allowing attackers to execute arbitrary code in a privileged context or cause a denial of service via a crafted app. This can result in memory corruption. **Recommendations** For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later. For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later. For Apple tvOS versions prior to 9.2.1, update to version 9.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-08-05 **Description** The issue is related to the ION driver in the Android operating system, which has inadequate access control. This can be exploited by an attacker to gain privileges via a crafted application. The estimated number of potentially affected devices is not specified. **Recommendations** For Android versions prior to 2016-08-05, update the operating system to a version released after 2016-08-05 to resolve the issue. As a temporary workaround, consider restricting the use of the ION driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. It is caused by a buffer overflow in the IOFireWireFamily component. **Recommendations** For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the IOFireWireFamily component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-05-01 **Description** The issue is related to the mediaserver in Android, which does not initialize certain data structures correctly. This allows attackers to obtain sensitive information via a crafted application. The problem is associated with the `IGraphicBufferConsumer.cpp` and `IGraphicBufferProducer.cpp` objects. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-05-01, ensure that the device is updated to a version released on or after 2016-05-01.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-05-01 **Description** The issue is related to the mediaserver in Android, which does not initialize certain data structures correctly. This allows attackers to obtain sensitive information via a crafted application. The problem is associated with the IGraphicBufferConsumer.cpp and IGraphicBufferProducer.cpp objects. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-05-01, ensure that the device is updated to a version released on or after 2016-05-01.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-04-01 **Description** The issue concerns a component of the Android operating system, specifically the media/libmedia/IDrm.cpp in the mediaserver. It does not properly initialize a certain key-request data structure. This can be exploited by a remote attacker to obtain sensitive information from process memory, thereby bypassing an unspecified protection mechanism. The exploitation can be achieved via unspecified vectors, potentially allowing attackers to gain Signature or SignatureOrSystem access. **Recommendations** For Android versions prior to 2016-04-01, update the operating system to a version released after 2016-04-01 to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and limiting the use of the mediaserver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.0 through 5.0.1 Android versions 5.1.0 through 5.1.0 Android versions 6.0.0 through 2016-03-31 **Description** The issue exists due to the lack of validation for negative font property values in the Minikin library of the Android operating system. Exploitation of this issue can allow a local attacker to cause a denial of service (memory corruption) using a specially crafted font. Remote attackers can also cause a denial of service (memory corruption and reboot loop) via a crafted font. **Recommendations** For Android versions 5.0.0 through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.0 through 5.1.0, update to version 5.1.1 or later. For Android versions 6.0.0 through 2016-03-31, apply the patch available as of 2016-04-01.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-04-01 patchday **Description** The issue is caused by a buffer overflow in the media/libmedia/IOMX.cpp component of the mediaserver in the Android operating system. This can allow a remote attacker to obtain confidential information or bypass protection mechanisms. The vulnerability can be exploited to gain access to sensitive information from process memory, potentially allowing attackers to bypass an unspecified protection mechanism. **Recommendations** For Android versions prior to 2016-04-01 patchday: Apply the patch from the 2016-04-01 patchday to resolve the issue. As a temporary workaround, consider restricting access to the mediaserver component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-04-01 **Description** The issue is related to insufficient access control in the media/libmedia/IOMX.cpp component of the mediaserver in the Android operating system. Exploitation of this issue may allow a remote attacker to elevate their privileges using a specially crafted application. This can potentially allow attackers to gain privileges, such as obtaining Signature or SignatureOrSystem access. **Recommendations** For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-04-01, ensure that the patch level is 2016-04-01 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.4 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. It is caused by a buffer overflow in the IOGraphics component of the Mac OS X operating system. Exploitation of the issue may allow a remote attacker to execute arbitrary code in a privileged context or cause a denial of service. **Recommendations** For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted apps to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 4.4.4 Android versions 5.x prior to 5.1.1 LMY49H Android versions 6.x before 2016-03-01 **Description** The issue is caused by multiple integer overflows in the libeffects library in the mediaserver component of the Android operating system. This allows attackers to gain privileges via a crafted application, potentially obtaining Signature or SignatureOrSystem access. The issue is related to the EffectBundle.cpp and EffectReverb.cpp files. **Recommendations** For Android versions prior to 4.4.4, update to version 4.4.4 or later. For Android versions 5.x prior to 5.1.1 LMY49H, update to version 5.1.1 LMY49H or later. For Android versions 6.x before 2016-03-01, update to a version released on or after 2016-03-01.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 5.1.1 LMY49H Android 6.x versions prior to 2016-03-01 **Description** The issue exists due to the lack of initialization of a certain type of variable in the BnGraphicBufferConsumer::onTransact function. This allows a remote attacker to bypass protection mechanisms or obtain confidential information by triggering an ATTACH BUFFER action. **Recommendations** For Android versions prior to 5.1.1 LMY49H, update to version 5.1.1 LMY49H or later. For Android 6.x versions prior to 2016-03-01, update to a version released after 2016-03-01. As a temporary workaround, consider restricting access to the BnGraphicBufferConsumer::onTransact function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** The issue is caused by a buffer overflow in the mediaserver component of the Android operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted media file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 5.1.1 LMY48Z Android versions prior to 6.0 2015-12-01 **Description** The issue is related to the Media Framework component in Android, which lacks protection for certain data. This allows attackers to obtain sensitive information and bypass an unspecified protection mechanism. The exploitation can be done remotely. **Recommendations** For Android versions prior to 5.1.1 LMY48Z, update to version 5.1.1 LMY48Z or later. For Android versions prior to 6.0 2015-12-01, update to version 6.0 or later, with a patch date of 2015-12-01 or newer.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.6.34 through 5.2.x **Description** A buffer overflow flaw was found in the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs and logs buffer descriptors during migration. This flaw can be exploited by a privileged guest user who can pass descriptors with invalid length to the host during migration, potentially increasing their privileges on the host. The issue is related to the vhost-net module, which is a network backend for virtio, and can be used to bypass isolation in systems based on QEMU-KVM. **Recommendations** For Linux kernel versions 2.6.34 through 5.2.x, consider disabling the vhost functionality or restricting access to it until a patch is available. As a temporary workaround, avoid using the vhost-net module during virtual machine migration. There is no information about a newer version that contains a fix for this vulnerability.