In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable location. An attacker with read access to the user's contents could connect to the Connect2 hotspot and see the contents of files while they are being transferred between the two systems.

In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write.

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length.

In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.

In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory.

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function.

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image.

In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver.

In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.

In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.

In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write.

In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.

In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to buffer overflow or write to arbitrary pointer location.

In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned off by Bluetooth.

In all Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition.

In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.

In all Android releases from CAF using the Linux kernel, a race condition potentially exists in the ioctl handler of a sound driver.

In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.

In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.

In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated.