Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.