Seonung Jang

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon (affected versions not specified) **Description** The issue is related to memory corruption in the diag component due to a use-after-free error while processing a DCI packet. This affects various Qualcomm Snapdragon products, including Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Wearables, Wired Infrastructure, and Networking. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon versions (affected versions not specified) **Description** The issue is related to memory corruption due to use after free in a service. This occurs when trying to access maps by different threads, which can lead to instability or potentially allow for unauthorized access or control. The estimated number of potentially affected devices worldwide is not specified. There is no information available about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon Auto (affected versions not specified) Qualcomm Snapdragon Compute (affected versions not specified) Qualcomm Snapdragon Connectivity (affected versions not specified) Qualcomm Snapdragon Consumer IOT (affected versions not specified) Qualcomm Snapdragon Industrial IOT (affected versions not specified) Qualcomm Snapdragon Mobile (affected versions not specified) Qualcomm Snapdragon Wearables (affected versions not specified) **Description** The issue is related to information disclosure due to exposure of information while the GPU reads the data. This can be used to leak large amounts of information to a malicious Android application. The vulnerability can leak information in both the user space and kernel space level of pages. The GitHub Security Lab used the kernel space information leak to construct a KASLR bypass. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DSP driver versions prior to SMR Apr-2022 Release 1 **Description** The issue is related to a use after free vulnerability in the `dsp context unload graph` function. This vulnerability allows attackers to perform malicious actions. **Recommendations** For versions prior to SMR Apr-2022 Release 1, update to SMR Apr-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `dsp context unload graph` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to an information disclosure problem in the win32k component, which can improperly provide kernel information. This can allow an attacker to obtain sensitive information. The vulnerability is associated with errors in processing objects in memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer 11 Microsoft Edge Internet Explorer 10 **Description** The issue is related to errors in the implementation of cross-frame interaction in Microsoft browsers. It allows a remote attacker to disclose protected information using a specially crafted web page. An attacker who successfully exploits this issue could obtain browser frame or window state from a different domain. **Recommendations** For Internet Explorer 11, update to a version that properly restricts cross-frame interaction. For Microsoft Edge, update to a version that properly restricts cross-frame interaction. For Internet Explorer 10, update to a version that properly restricts cross-frame interaction. As a temporary workaround, consider restricting access to sensitive information when using affected browsers until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer 11 Microsoft Edge **Description** An elevation of privilege issue exists in Microsoft browsers, allowing sandbox escape. This could enable an attacker to elevate privileges on an affected system. The vulnerability by itself does not allow arbitrary code execution but could be used in combination with another vulnerability to run arbitrary code. **Recommendations** For Internet Explorer 11, update to a version that includes the fix for this issue. For Microsoft Edge, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.