Shuaibing Lu

Name of the Vulnerable Software and Affected Versions: DriverGenius version 9.61.3708.3054 Description: The issue allows attackers to cause a system crash via the ioctl command 0x9c402000 to the API endpoint ".MyDrivers0 0 1". Recommendations: For DriverGenius version 9.61.3708.3054, consider disabling the `MyDrivers64.sys` driver until a patch is available to prevent system crashes via the ioctl command. Restrict access to the `.MyDrivers0 0 1` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: APT versions prior to 2.1.2 Description: The issue is related to missing input validation in the ar/tar implementations, which could result in denial of service when processing specially crafted deb files. This could allow a remote attacker to cause a denial of service. Recommendations: For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of specially crafted deb files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Fire OS version 4.5.5.3 **Description** The issue allows attackers to inject a crafted argument via the `argument` of an ioctl on device `/dev/dsscomp` with the command `1118064517` and cause a kernel crash. **Recommendations** For Fire OS version 4.5.5.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fire OS version 4.5.5.3 **Description** The issue allows attackers to inject a crafted argument via the argument of an ioctl on device `/dev/gcioctl` with the command `3222560159` and cause a kernel crash. **Recommendations** For Fire OS version 4.5.5.3, as a temporary workaround, consider restricting access to the `/dev/gcioctl` device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fire OS version 4.5.5.3 **Description** The issue allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash. **Recommendations** For Fire OS version 4.5.5.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fire OS version 4.5.5.3 **Description** The issue allows attackers to inject a crafted argument via the `argument` of an ioctl on device `/dev/gcioctl` with the command `1077435789` and cause a kernel crash. **Recommendations** For Fire OS version 4.5.5.3, consider restricting access to the `/dev/gcioctl` device to minimize the risk of exploitation. Avoid using the command `1077435789` in the affected ioctl until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Fire OS version 4.5.5.3 **Description** The issue allows attackers to inject a crafted argument via the `argument` of an ioctl on device file "/dev/rpmsg-omx1" with the command 3221772291, and cause a kernel crash. This is due to a flaw in the kernel component, specifically in the file 'kernel/omap/drivers/rpmsg/rpmsg omx.c'. **Recommendations** For Fire OS version 4.5.5.3, as a temporary workaround, consider restricting access to the "/dev/rpmsg-omx1" device file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Qiku 360 Phone N6 Pro 1801-A01 (affected versions not specified) **Description** The issue allows attackers to cause a denial of service, resulting in a NULL pointer dereference and device crash, via a crafted 0xc0d8b300 ioctl call to the /dev/block/mmcblk0rpmb driver kernel module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.