Samsung Mobile Devices Security Vulnerabilities
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot...
4.4CVSS
4.8AI Score
0.0004EPSS
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the...
7.7CVSS
6.5AI Score
0.0004EPSS
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check...
5.5CVSS
5.5AI Score
0.0004EPSS
Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain...
8.5CVSS
7.5AI Score
0.0004EPSS
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious...
7CVSS
7.1AI Score
0.0004EPSS
Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files...
8.4CVSS
7.5AI Score
0.0004EPSS
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image...
5.5CVSS
5.3AI Score
0.0005EPSS
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without...
6.6CVSS
5.3AI Score
0.0004EPSS
Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer...
7.8CVSS
7.6AI Score
0.0004EPSS
Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory...
7.8CVSS
7.5AI Score
0.0005EPSS
Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media...
7.1CVSS
6.7AI Score
0.0005EPSS
Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain...
8.5CVSS
7.5AI Score
0.0004EPSS
Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain...
8.5CVSS
7.5AI Score
0.0004EPSS
Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media...
4CVSS
4AI Score
0.0004EPSS
Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media...
7.1CVSS
6.6AI Score
0.0005EPSS
Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media...
7.1CVSS
6.6AI Score
0.0005EPSS
Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain...
8.5CVSS
7.5AI Score
0.0004EPSS
Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain...
8.5CVSS
7.5AI Score
0.0004EPSS
Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds...
4.4CVSS
4.6AI Score
0.0004EPSS
Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote...
9.8CVSS
9.8AI Score
0.001EPSS
Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote...
9.8CVSS
9.8AI Score
0.001EPSS
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged...
7.2CVSS
6.9AI Score
0.001EPSS
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code...
7.8CVSS
7.8AI Score
0.0004EPSS
Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote...
9.8CVSS
9.4AI Score
0.001EPSS
Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote...
9.1CVSS
9AI Score
0.001EPSS
Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote...
9.8CVSS
9.4AI Score
0.001EPSS
Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote...
9.8CVSS
9.4AI Score
0.001EPSS
Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote...
9.8CVSS
9.4AI Score
0.001EPSS
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without...
3.3CVSS
3.9AI Score
0.0005EPSS
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote...
9.8CVSS
9.4AI Score
0.001EPSS
Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote...
9.8CVSS
9.8AI Score
0.001EPSS
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without...
3.3CVSS
3.8AI Score
0.0005EPSS
Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote...
9.8CVSS
9.4AI Score
0.001EPSS
Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote...
9.8CVSS
9.8AI Score
0.001EPSS
Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote...
9.8CVSS
9.8AI Score
0.001EPSS
Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote...
9.8CVSS
9.8AI Score
0.001EPSS
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged...
7.2CVSS
6.9AI Score
0.001EPSS
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain...
4.6CVSS
4.5AI Score
0.0005EPSS
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE...
3.3CVSS
4.2AI Score
0.0004EPSS
Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware...
6.8CVSS
6.4AI Score
0.0005EPSS
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without...
6.8CVSS
6.4AI Score
0.0005EPSS
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel...
6.2CVSS
6.2AI Score
0.0005EPSS
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB...
7.1CVSS
6.9AI Score
0.0004EPSS
OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack...
5.5CVSS
5.3AI Score
0.0004EPSS
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock...
4.6CVSS
4.5AI Score
0.0005EPSS
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code...
9.8CVSS
9.6AI Score
0.002EPSS
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user...
4CVSS
4.2AI Score
0.0004EPSS
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without...
4.6CVSS
4.8AI Score
0.0005EPSS
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the...
7.8CVSS
7.3AI Score
0.0004EPSS
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the...
7.8CVSS
7.3AI Score
0.0004EPSS