In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071.

In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235.

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.

An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.

In OMA DRM, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722454; Issue ID: ALPS05722454.

In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434.

In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510.

In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065.

In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336713.