Pox

Name of the Vulnerable Software and Affected Versions: BluetoothSettingsProvider versions prior to SMR Oct-2021 Release 1 Description: The issue is related to an improper access control vulnerability. This vulnerability allows an untrusted application to overwrite some Bluetooth information. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the BluetoothSettingsProvider to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Widevine TA log versions prior to SMR Oct-2021 Release 1 Description: An information disclosure issue allows attackers to bypass the ASLR protection mechanism in TEE. This affects the Widevine TA log, enabling potential exploitation. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information that could be exposed through the Widevine TA log until a patch is applied.

Name of the Vulnerable Software and Affected Versions: ION driver versions prior to SMR Sep-2021 Release 1 Description: A NULL pointer dereference issue in the ION driver allows attackers to cause memory corruption. Recommendations: For versions prior to SMR Sep-2021 Release 1, update to SMR Sep-2021 Release 1 or later to resolve the issue.