Scott Bauer

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.18.6 **Description** The issue is related to an information leak in the `cdrom ioctl drive status()` function in the Linux kernel, which could allow local attackers to read kernel memory. This is due to a cast from unsigned long to int that interferes with bounds checking, leading to potential data exposure. The vulnerability is associated with errors in data processing. **Recommendations** For Linux kernel versions prior to 4.18.6, update to version 4.18.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cdrom ioctl drive status()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** The issue involves an audio client pointer being dereferenced before its validity is checked. This could potentially lead to issues related to the handling of audio clients in Qualcomm products that utilize the Linux kernel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** A buffer overflow issue exists in the HSDPA protocol of Qualcomm products with Android releases from CAF, which utilizes the Linux kernel. This issue may allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** The issue is related to an array out-of-bounds access that can potentially occur in a camera driver. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** A buffer overflow issue exists due to the variable set for determining the buffer size not being used to indicate the actual size of the buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** A remote code execution issue exists in the Broadcom networking driver. This affects Android products. **Recommendations** For Android kernel, apply the fix referenced by Android ID A-37168488 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android kernel **Description** The issue is related to a wi-fi driver vulnerability in the Android operating system, specifically concerning the Broadcom wi-fi driver. It involves insufficient access control, which can be exploited by a local attacker to elevate their privileges. **Recommendations** For Android kernel, apply the necessary security patches to fix the elevation of privilege vulnerability in the Broadcom wi-fi driver.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10, Kernel-3.18 **Description** An information disclosure issue in the Qualcomm camera driver could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged process and is rated as Moderate. **Recommendations** For Android versions Kernel-3.10, Kernel-3.18, consider restricting access to the Qualcomm camera driver until a patch is available. As a temporary workaround, disabling the camera functionality may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android versions 7.0 through 7.1.1 **Description** A remote code execution issue in the Surfaceflinger service could allow an attacker to cause memory corruption during media file and data processing by using a specially crafted file. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. The vulnerability is caused by a buffer overflow in memory, which can be exploited by a remote attacker to inject arbitrary code. **Recommendations** For Android versions 7.0 through 7.1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An information disclosure issue in Qualcomm components, including the GPU driver, power driver, SMSM Point-to-Point driver, and sound driver, could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged process. **Recommendations** For Android versions prior to 2016-11-05, update to a version released after 2016-11-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-09-05 on Nexus 6P devices **Description** The issue is related to the wcdcal hwdep ioctl shared function in the Qualcomm sound codec, which does not properly copy firmware data. This allows attackers to obtain sensitive information via a crafted application. **Recommendations** For Android versions prior to 2016-09-05 on Nexus 6P devices, update the Android version to a newer one released after 2016-09-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-07-01 patchday **Description** The issue is related to errors in frame handling in the decoder/ih264d parse pslice.c file of the Android mediaserver. It allows a remote attacker to cause a denial of service, resulting in device hang or reboot, by using a specially crafted media file. **Recommendations** For Android versions prior to 2016-07-01 patchday, apply the July 2016 security patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.x through 4.4.3 Android versions 5.0.x through 5.0.1 Android versions 5.1.x through 5.1.0 Android versions 6.x before 2016-07-01 **Description** The issue is related to the mediaserver in Android, which does not limit process-memory usage. This allows remote attackers to cause a denial of service, resulting in a device hang or reboot, via a crafted media file. **Recommendations** For Android versions 4.x through 4.4.3, update to version 4.4.4 or later. For Android versions 5.0.x through 5.0.1, update to version 5.0.2 or later. For Android versions 5.1.x through 5.1.0, update to version 5.1.1 or later. For Android versions 6.x before 2016-07-01, update to a version released on or after 2016-07-01.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 6.0.1 (updated before 2016-03-01) **Description** The issue is related to insufficient access control in the Android operating system. It can be exploited by a remote attacker using a specially crafted application that utilizes `conn launcher` access to gain privileges. **Recommendations** For Android versions prior to 6.0.1, update to a version updated before 2016-03-01 to resolve the issue. As a temporary workaround, consider restricting access to the `conn launcher` to minimize the risk of exploitation.