Qing Zhang

**Name of the Vulnerable Software and Affected Versions** Vivo Framework (affected versions not specified) **Description** The issue is related to improper control of framework service permissions, which may lead to the leakage of some sensitive device information. It is also described as a missing authentication flaw that could allow unauthorized access to the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vivo devices (affected versions not specified) **Description** The issue is related to the improper handling of WiFi information by framework services, which can allow malicious applications to obtain sensitive information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shannon baseband versions prior to SMR Mar-2022 Release 1 **Description** The issue is related to the improper use of an SMS buffer pointer, which allows an out-of-bounds read. **Recommendations** For versions prior to SMR Mar-2022 Release 1, update to SMR Mar-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2, 5.1.1, 6.0, 6.0.1 **Description** A denial of service issue in the Setup Wizard component of the Android operating system is related to inadequate access control. This issue could allow a malicious application to cause a denial of service, potentially leading to a device becoming unusable and requiring a factory reset. The issue is estimated to be moderate in severity. **Recommendations** For Android version 5.0.2, update to a fixed version or apply a recommended configuration change to mitigate the issue. For Android version 5.1.1, update to a fixed version or apply a recommended configuration change to mitigate the issue. For Android version 6.0, update to a fixed version or apply a recommended configuration change to mitigate the issue. For Android version 6.0.1, update to a fixed version or apply a recommended configuration change to mitigate the issue. As a temporary workaround, consider restricting access to the Setup Wizard component until a patch is available.