In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Google
Linux
Information Disclosure
Android
NVD
CVSS 3.0
3.3
EPSS
0.1%
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Google
Linux
Information Disclosure
Android
NVD
CVSS 3.0
3.3
EPSS
0.1%