In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Boa is an embeddable and experimental Javascript engine written in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. Rated high severity (CVSS 7.0).