Tong Lin

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.11.1 **Description** The issue is related to the `sanity check raw super` function in the Linux kernel, which does not properly validate the segment count. This allows local users to gain privileges via unspecified vectors. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Linux kernel versions prior to 4.11.1, update to version 4.11.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `sanity check raw super` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.10.15 **Description** The issue is related to a race condition in the fs/timerfd.c component of the Linux kernel, which can be exploited by local users through simultaneous file-descriptor operations. This can lead to privilege escalation or a denial of service, resulting in list corruption or use-after-free. The vulnerability is associated with improper might cancel queueing. **Recommendations** For Linux kernel versions prior to 4.10.15, update to version 4.10.15 or later to resolve the issue. As a temporary workaround, consider restricting simultaneous file-descriptor operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in the kernel sound subsystem, which could allow a local malicious application to execute arbitrary code within the context of the kernel. This is rated as High because it first requires compromising a privileged process. The vulnerability is also associated with insufficient access control in the sound management subsystem, potentially allowing a remote attacker to execute arbitrary code. **Recommendations** For Android versions Kernel-3.10 through Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10 through Kernel-3.18 **Description** The issue is related to insufficient access control in the Qualcomm sound driver of the Android operating system. It allows a remote attacker to execute arbitrary code within the context of the kernel, but first requires compromising a privileged process. This problem is considered high-risk. **Recommendations** For Android versions Kernel-3.10 through Kernel-3.18, update to a version that includes the fix for this issue, as referenced by Android ID: A-31252384. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An elevation of privilege issue in the NVIDIA GPU driver could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue may lead to a local permanent device compromise, requiring reflashing the operating system to repair the device. **Recommendations** For Android versions prior to 2016-11-05, update the operating system to a version released on or after 2016-11-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An elevation of privilege issue in the NVIDIA GPU driver could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue may lead to a local permanent device compromise, requiring reflashing the operating system to repair the device. **Recommendations** For Android versions prior to 2016-11-05, update the operating system to a version released on or after 2016-11-05 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-11-05 **Description** An elevation of privilege issue in the NVIDIA GPU driver could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue may lead to a local permanent device compromise, requiring reflashing the operating system to repair the device. **Recommendations** For versions prior to 2016-11-05, update the Android operating system to a version released on or after 2016-11-05 to resolve the issue.