Ryan Johnson

**Name of the Vulnerable Software and Affected Versions** kperfmon versions prior to SMR Sep-2024 Release 1 **Description** The issue is related to incorrect authorization in kperfmon, allowing local attackers to access information related to performance, including app usage. **Recommendations** For versions prior to SMR Sep-2024 Release 1, update to SMR Sep-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to kperfmon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** System property versions prior to SMR Aug-2024 Release 1 **Description** The issue is related to improper access control, allowing local attackers to access cell-related information. **Recommendations** For versions prior to SMR Aug-2024 Release 1, update to SMR Aug-2024 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SLocationService versions prior to SMR Aug-2023 Release 1 **Description** The issue is related to improper access control in SLocationService, allowing a local attacker to update a fake location. **Recommendations** For versions prior to SMR Aug-2023 Release 1, update to SMR Aug-2023 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HDCP trustlet versions prior to SMR Aug-2023 Release 1 **Description** The issue is related to improper access control in the HDCP trustlet, allowing local attackers to execute arbitrary code. This could potentially lead to security breaches. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to SMR Aug-2023 Release 1, update to SMR Aug-2023 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the HDCP trustlet until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsec-ril versions prior to SMR Aug-2023 Release 1 **Description** The issue is an out-of-bounds write in the `ReqDataRaw` of `libsec-ril`, allowing a local attacker to execute arbitrary code. **Recommendations** For versions prior to SMR Aug-2023 Release 1, update to the SMR Aug-2023 Release 1 or later to resolve the issue.