Tchebb

**Name of the Vulnerable Software and Affected Versions** Android versions 12 and 13 **Description** The issue is related to improper input validation in the `createSessionInternal` function of `PackageInstallerService.java`, which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. This could allow an attacker to gain access to the database of any application, including WhatsApp, by exploiting the vulnerability. The estimated number of potentially affected devices is not specified, but the issue is known to affect Android versions 12 and 13. **Recommendations** For Android versions 12 and 13, consider disabling the `createSessionInternal` function until a patch is available. Restrict access to the `PackageInstallerService` module to minimize the risk of exploitation. Avoid using the `run-as` command in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2023-12-05 security patch **Description** The issue is related to the APEX module framework of AOSP, where improperly used crypto could lead to a malicious update of platform components. This could result in local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. Several Android OEMs, including ASUS, Fairphone, Lenovo, Microsoft, Nokia, Nothing, and Vivo, were affected as they were signing some of their APEX modules with publicly available test keys. **Recommendations** For Android versions prior to 2023-12-05 security patch, update to a version that includes the December 2023 security update to resolve the issue. As a temporary workaround, consider restricting access to the APEX module framework until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GCC versions prior to the fixed version **Description** A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in an application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using `alloca()`. The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate the application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AirVelocity 1500 versions 9.3.0.01249 through 15.18.00.2511 **Description** An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. **Recommendations** For AirVelocity 1500 versions 9.3.0.01249 through 15.18.00.2511, at the moment, there is no information about a newer version that contains a fix for this vulnerability.