Returnsme

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** A race condition exists in a video driver in the affected products, which can lead to a double free. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 **Description** The issue is related to an elevation of privilege vulnerability in the NVIDIA GPU driver, which is due to inadequate access control. This vulnerability can be exploited by a remote attacker to execute arbitrary code within the context of the kernel, potentially leading to a local permanent device compromise. The compromise may require reflashing the operating system to repair the device. **Recommendations** For Android versions Kernel-3.10, consider restricting access to the NVIDIA GPU driver until a patch is available. As a temporary workaround, avoid using the vulnerable driver to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-07-01 **Description** The issue is related to the sockets subsystem in Android, which has inadequate access control. This allows attackers to gain privileges via a crafted application that uses the `AF MSM IPC` socket class or another socket class that is unrecognized by SELinux. **Recommendations** For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-07-01, update to a version released on or after 2016-07-01.