Xingyu Jin

**Name of the Vulnerable Software and Affected Versions** Samsung Exynos versions 9820 through 9825 Samsung Exynos versions 980 through 990 Samsung Exynos version 850 Samsung Exynos version W920 **Description** The issue is related to a use-after-free vulnerability in the m2m scaler driver of Samsung Mobile Processor and Wearable Processor Exynos models. This vulnerability leads to privilege escalation. The vulnerability is being exploited in the wild, allowing attackers to execute arbitrary code and escalate privileges on affected devices. The estimated number of potentially affected devices is not specified. **Recommendations** For Samsung Exynos versions 9820 through 9825, update to the latest security patch SMR-Oct-2024 to fix the vulnerability. For Samsung Exynos versions 980 through 990, update to the latest security patch SMR-Oct-2024 to fix the vulnerability. For Samsung Exynos version 850, update to the latest security patch SMR-Oct-2024 to fix the vulnerability. For Samsung Exynos version W920, update to the latest security patch SMR-Oct-2024 to fix the vulnerability. As a temporary workaround, consider restricting access to the vulnerable m2m scaler driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an off-by-one error in the CMA heap fault handler in the dma-buf: heaps component of the Linux kernel. This error allowed obtaining a mapping larger than the buffer size via mremap and bypassing the overflow check in dma buf mmap internal. When using such a mapping to attempt to fault past the end of the buffer, the CMA heap fault handler also checks the fault offset against the buffer size, but gets the boundary wrong by 1. The fix involves correcting the boundary check to prevent reading off the end of the pages array and inserting an arbitrary page in the mapping. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tvOS versions prior to 15.4 iOS versions prior to 15.4 iPadOS versions prior to 15.4 iTunes versions prior to 12.12.3 for Windows watchOS versions prior to 8.5 macOS Monterey versions prior to 12.3 **Description** An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted image may lead to arbitrary code execution. **Recommendations** For tvOS versions prior to 15.4, update to tvOS 15.4 or later. For iOS versions prior to 15.4, update to iOS 15.4 or later. For iPadOS versions prior to 15.4, update to iPadOS 15.4 or later. For iTunes versions prior to 12.12.3 for Windows, update to iTunes 12.12.3 or later for Windows. For watchOS versions prior to 8.5, update to watchOS 8.5 or later. For macOS Monterey versions prior to 12.3, update to macOS Monterey 12.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 15.4 Apple iOS versions prior to 15.4 Apple iPadOS versions prior to 15.4 Apple iTunes versions prior to 12.12.3 for Windows Apple watchOS versions prior to 8.5 Apple macOS Monterey versions prior to 12.3 **Description** A memory consumption issue was addressed with improved memory handling. Processing a maliciously crafted image may lead to heap corruption. **Recommendations** For tvOS, update to version 15.4 or later. For iOS, update to version 15.4 or later. For iPadOS, update to version 15.4 or later. For iTunes on Windows, update to version 12.12.3 or later. For watchOS, update to version 8.5 or later. For macOS Monterey, update to version 12.3 or later.