Samsung Mobile Devices Security Vulnerabilities
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup...
4.6CVSS
4.5AI Score
0.0004EPSS
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper...
7.9CVSS
7.8AI Score
0.0004EPSS
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without...
4.1CVSS
4AI Score
0.0004EPSS
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by...
7.8CVSS
7.3AI Score
0.0004EPSS
Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge...
4.6CVSS
4.3AI Score
0.0005EPSS
Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's...
6.5CVSS
6.1AI Score
0.001EPSS
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit...
3.9CVSS
3.9AI Score
0.0004EPSS
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit...
3.9CVSS
3.9AI Score
0.0004EPSS
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base...
9.8CVSS
9.3AI Score
0.001EPSS
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit...
7.1CVSS
6.6AI Score
0.0004EPSS
An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code...
6.7CVSS
6.8AI Score
0.0004EPSS
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user...
5.5CVSS
5.3AI Score
0.0004EPSS
An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code...
8.4CVSS
7.8AI Score
0.0004EPSS
An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code...
6.7CVSS
6.8AI Score
0.0004EPSS
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system...
6CVSS
5.9AI Score
0.0004EPSS
An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application...
5.3CVSS
4.6AI Score
0.0004EPSS
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary...
7.8CVSS
7.5AI Score
0.0004EPSS
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE...
4CVSS
4.1AI Score
0.0004EPSS
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary...
5.5CVSS
5.5AI Score
0.0004EPSS
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact...
4.4CVSS
4.1AI Score
0.0005EPSS
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC...
4CVSS
3.9AI Score
0.0004EPSS
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX...
6.1CVSS
6.2AI Score
0.0005EPSS
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application...
4CVSS
4.1AI Score
0.0004EPSS
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper...
4CVSS
4AI Score
0.0004EPSS
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code...
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without...
7.7CVSS
6.7AI Score
0.0004EPSS
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary...
5.5CVSS
5.5AI Score
0.0004EPSS
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive...
6.5CVSS
6.4AI Score
0.001EPSS
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access...
4CVSS
4.1AI Score
0.0004EPSS
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track...
7.5CVSS
7.5AI Score
0.001EPSS
An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code...
7.8CVSS
7.8AI Score
0.0004EPSS
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code...
6.7CVSS
6.8AI Score
0.0004EPSS
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without...
4CVSS
3.8AI Score
0.0004EPSS
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the...
2.4CVSS
4AI Score
0.0005EPSS
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal...
7.8CVSS
7.5AI Score
0.0004EPSS
An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain...
7.8CVSS
7.5AI Score
0.0004EPSS
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code...
7.8CVSS
7.7AI Score
0.0004EPSS
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without...
7.9CVSS
5.2AI Score
0.0004EPSS
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected...
5.7CVSS
4.1AI Score
0.0004EPSS
Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code...
6.7CVSS
6.9AI Score
0.0004EPSS
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE...
7.2CVSS
4.7AI Score
0.0004EPSS
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of...
4.9CVSS
5.2AI Score
0.001EPSS
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code...
7.2CVSS
7.4AI Score
0.001EPSS
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework...
5.9CVSS
5.6AI Score
0.0004EPSS
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB...
5.5CVSS
5.6AI Score
0.0004EPSS
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer...
4.4CVSS
4.9AI Score
0.0004EPSS
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function...
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in...
4.4CVSS
4.5AI Score
0.0004EPSS
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB...
6.5CVSS
6.5AI Score
0.001EPSS
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch...
4CVSS
4.2AI Score
0.0004EPSS