Samsung

Products by Samsung Sorted by Most Security Vulnerabilities since 2018

Samsung Android: 120 vulnerabilities

Samsung Internet: 18 vulnerabilities

Samsung Galaxy Store: 15 vulnerabilities

Samsung Smartthings: 13 vulnerabilities

Samsung Mtower: 13 vulnerabilities

Samsung Notes: 13 vulnerabilities

Samsung Account: 11 vulnerabilities

Samsung Mobile: 7 vulnerabilities

Samsung Syncthru Web Service: 7 vulnerabilities

Samsung Blockchain Keystore: 6 vulnerabilities

Samsung Galaxy Watch Plugin: 6 vulnerabilities

Samsung Pass: 6 vulnerabilities

Samsung Cloud: 5 vulnerabilities

Samsung Wear Os: 5 vulnerabilities

Samsung Email: 5 vulnerabilities

Samsung Smart Switch Pc: 5 vulnerabilities

Samsung Tizenrt: 5 vulnerabilities

Samsung Health: 5 vulnerabilities

Samsung Pass: 5 vulnerabilities

Samsung Find My Mobile: 4 vulnerabilities

Samsung Galaxy Apps: 4 vulnerabilities

Samsung Flow: 4 vulnerabilities

Samsung Pay Kr: 3 vulnerabilities

Samsung Pay: 3 vulnerabilities

Samsung Email: 3 vulnerabilities

Samsung Exynos: 3 vulnerabilities

Samsung Factorycamera: 3 vulnerabilities

Samsung Gallery: 3 vulnerabilities

Samsung Pay Mini: 3 vulnerabilities

Samsung Harman Infotainment: 3 vulnerabilities

Samsung Kies: 3 vulnerabilities

Samsung Members: 3 vulnerabilities

Samsung Bixby Vision: 2 vulnerabilities

Samsung Bixby Voice: 2 vulnerabilities

Samsung S Assistant: 2 vulnerabilities

Samsung Charm: 2 vulnerabilities

Samsung Checkout: 2 vulnerabilities

Samsung Internet Browser: 2 vulnerabilities

Samsung Smarttagplugin: 2 vulnerabilities

Samsung Quick Share: 2 vulnerabilities

Samsung Editor Lite: 2 vulnerabilities

Samsung Factorycamerafb: 2 vulnerabilities

Samsung Flow: 2 vulnerabilities

Samsung Members: 2 vulnerabilities

Samsung Searchwidget: 2 vulnerabilities

Samsung Pay: 2 vulnerabilities

Samsung Watch Active2 Plugin: 2 vulnerabilities

Samsung Watch Active Plugin: 2 vulnerabilities

Samsung Update: 2 vulnerabilities

Samsung Billing: 1 vulnerability

Samsung Bixby: 1 vulnerability

Samsung Bixby Touch: 1 vulnerability

Samsung Blockchain Wallet: 1 vulnerability

Samsung Calendar: 1 vulnerability

Samsung Cameralyzer: 1 vulnerability

Samsung Capture: 1 vulnerability

Samsung Clp 360 Ss062a: 1 vulnerability

Samsung Clp 365 Ss066a: 1 vulnerability

Samsung Clp 366 Ss068a: 1 vulnerability

Samsung Clp 366 Sv600a: 1 vulnerability

Samsung Clp 368 Sv601a: 1 vulnerability

Samsung Clp 560 Sv611a: 1 vulnerability

Samsung Clp 560 Sv612a: 1 vulnerability

Samsung Clp 680 Ss075a: 1 vulnerability

Samsung Clp 680 Ss076a: 1 vulnerability

Samsung Clp 775 Ss078a: 1 vulnerability

Samsung Clx 6260 Ss105a: 1 vulnerability

Samsung Clx 6260 Ss106a: 1 vulnerability

Samsung Clx 6260 Ss107a: 1 vulnerability

Samsung Clx 6260 Ss108a: 1 vulnerability

Samsung Clx 6260 Sw177a: 1 vulnerability

Samsung Contacts: 1 vulnerability

Samsung Contacts Provider: 1 vulnerability

Samsung Ddr4: 1 vulnerability

Samsung Display Solutions: 1 vulnerability

Samsung Exynos 8895: 1 vulnerability

Samsung Exynos Smp1300: 1 vulnerability

Samsung Galaxy Themes: 1 vulnerability

Samsung Lpddr4: 1 vulnerability

Samsung Ml 3750 Ss138a: 1 vulnerability

Samsung Ml 4510 Ss141a: 1 vulnerability

Samsung Ml 5010 Ss145a: 1 vulnerability

Samsung Ml 5012 Ss146a: 1 vulnerability

Samsung Ml 5015 Ss147a: 1 vulnerability

Samsung Ml 5017 Ss148a: 1 vulnerability

Samsung Ml 5510 Ss149a: 1 vulnerability

Samsung Ml 5510 Ss150a: 1 vulnerability

Samsung Ml 5510 Ss151a: 1 vulnerability

Samsung Ml 5510 Ss152a: 1 vulnerability

Samsung Ml 6510 Ss153a: 1 vulnerability

Samsung Ml 6510 Ss154a: 1 vulnerability

Samsung Ml 6510 Sv899c: 1 vulnerability

Samsung Ml 6510 Sv900a: 1 vulnerability

Known Exploited Samsung Vulnerabilities

The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

| Title | Description | CVE | Added |
| --- | --- | --- | --- |
| Samsung Mobile Devices Use-After-Free Vulnerability | Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. | CVE-2022-22265 | September 18, 2023 |
| Samsung Mobile Devices Out-of-Bounds Read Vulnerability | Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer. | CVE-2021-25487 | June 29, 2023 |
| Samsung Mobile Devices Improper Input Validation Vulnerability | Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. | CVE-2021-25489 | June 29, 2023 |
| Samsung Mobile Devices Race Condition Vulnerability | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. | CVE-2021-25394 | June 29, 2023 |
| Samsung Mobile Devices Race Condition Vulnerability | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. | CVE-2021-25395 | June 29, 2023 |
| Samsung Mobile Devices Unspecified Vulnerability | Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. | CVE-2021-25371 | June 29, 2023 |
| Samsung Mobile Devices Improper Boundary Check Vulnerability | Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. | CVE-2021-25372 | June 29, 2023 |
| Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. | CVE-2023-21492 | May 19, 2023 |
| Samsung Mobile Devices Improper Access Control Vulnerability | Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370. | CVE-2021-25337 | November 8, 2022 |
| Samsung Mobile Devices Improper Access Control Vulnerability | Samsung mobile devices using Mali GPU contain an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. | CVE-2021-25369 | November 8, 2022 |
| Samsung Mobile Devices Memory Corruption Vulnerability | Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. | CVE-2021-25370 | November 8, 2022 |

By the Year

In 2023 there have been 163 vulnerabilities in Samsung products, with an average score of 6.2 out of ten. Last year Samsung had 145 security vulnerabilities published, so 18 more vulnerabilities have already been reported in 2023 than last year. The average CVE base score of the vulnerabilities in 2023 is also greater, by 0.52.

| Year | Vulnerabilities | Average Score |
| --- | --- | --- |
| 2023 | 163 | 6.19 |
| 2022 | 145 | 5.66 |
| 2021 | 64 | 5.72 |
| 2020 | 7 | 9.26 |
| 2019 | 6 | 6.72 |
| 2018 | 19 | 7.39 |

It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Samsung Security Vulnerabilities

A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could

CVE-2023-41929 7.3 - High - September 18, 2023

A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.)

DLL preloading

Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1

CVE-2023-30718 3.3 - Low - September 06, 2023

Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change an Auto Hotspot setting.

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1

CVE-2023-30706 4.9 - Medium - September 06, 2023

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.

Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1

CVE-2023-30707 7.1 - High - September 06, 2023

Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.

Improper authentication in SecSettings prior to SMR Sep-2023 Release 1

CVE-2023-30708 7.5 - High - September 06, 2023

Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.

Authentication

Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1

CVE-2023-30709 6.7 - Medium - September 06, 2023

Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers to launch activity with system privilege.

Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1

CVE-2023-30710 7.8 - High - September 06, 2023

Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1

CVE-2023-30711 3.3 - Low - September 06, 2023

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.

Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1

CVE-2023-30712 7.8 - High - September 06, 2023

Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.

Improper Input Validation

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1

CVE-2023-30713 5.5 - Medium - September 06, 2023

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.

Improper Privilege Management

Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1

CVE-2023-30714 4.6 - Medium - September 06, 2023

Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1

CVE-2023-30715 3.3 - Low - September 06, 2023

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.

Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1

CVE-2023-30716 5.5 - Medium - September 06, 2023

Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.

Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1

CVE-2023-30717 3.3 - Low - September 06, 2023

Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1

CVE-2023-30719 3.3 - Low - September 06, 2023

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1

CVE-2023-30720 5.5 - Medium - September 06, 2023

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1

CVE-2023-30721 4.4 - Medium - September 06, 2023

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.

Insertion of Sensitive Information into Log File

Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011

CVE-2023-30723 9.8 - Critical - September 06, 2023

Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege.

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2

CVE-2023-30724 3.3 - Low - September 06, 2023

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.

Authentication

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2

CVE-2023-30725 5.5 - Medium - September 06, 2023

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider.

Authentication

PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5

CVE-2023-30726 5.5 - Medium - September 06, 2023

PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data.

Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file

CVE-2023-30728 5.5 - Medium - September 06, 2023

Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction.

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0

CVE-2023-30729 7.5 - High - September 06, 2023

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information.

Improper Certificate Validation

Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5

CVE-2023-30722 7.8 - High - September 06, 2023

Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.

An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014

CVE-2021-35309 7.5 - High - August 22, 2023

An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password

CVE-2023-40291 6.8 - Medium - August 14, 2023

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.

Harman Infotainment 20190525031613 and later discloses the IP address

CVE-2023-40292 4.3 - Medium - August 14, 2023

Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.

Harman Infotainment 20190525031613 and later

CVE-2023-40293 6.8 - Medium - August 14, 2023

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.

Command Injection

Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1

CVE-2023-30654 5.5 - Medium - August 10, 2023

Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.

Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30689 7.8 - High - August 10, 2023

Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1

CVE-2023-30691 7.8 - High - August 10, 2023

Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to escalate privileges.

Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30693 7.8 - High - August 10, 2023

Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30694 7.8 - High - August 10, 2023

Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30696 7.8 - High - August 10, 2023

An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

Memory Corruption

An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30697 7.8 - High - August 10, 2023

An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

Memory Corruption

Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1

CVE-2023-30698 5.5 - Medium - August 10, 2023

Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.

Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1

CVE-2023-30699 9.8 - Critical - August 10, 2023

Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.

Memory Corruption

Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1

CVE-2023-30703 4.3 - Medium - August 10, 2023

Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information.

Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35

CVE-2023-30704 4.6 - Medium - August 10, 2023

Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker to access downloaded files in Secret Mode without user authentication.

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6

CVE-2023-30705 5.5 - Medium - August 10, 2023

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6 allows local attackers to access privileged content providers as Galaxy Store permission.

AuthZ

PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1

CVE-2023-30700 3.3 - Low - August 10, 2023

PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.

PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1

CVE-2023-30701 5.5 - Medium - August 10, 2023

PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to gain arbitrary file access.

An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1

CVE-2023-30681 7.8 - High - August 10, 2023

An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

Memory Corruption

Improper access control in Telecom prior to SMR Aug-2023 Release 1

CVE-2023-30682 3.3 - Low - August 10, 2023

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.

Improper access control in Telecom prior to SMR Aug-2023 Release 1

CVE-2023-30683 3.3 - Low - August 10, 2023

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1

CVE-2023-30684 3.3 - Low - August 10, 2023

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.

Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1

CVE-2023-30685 3.3 - Low - August 10, 2023

Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to change TTY mode.

Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30686 7.8 - High - August 10, 2023

Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30687 7.8 - High - August 10, 2023

Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1

CVE-2023-30679 7.8 - High - August 10, 2023

Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.

Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1

CVE-2023-30680 7.8 - High - August 10, 2023

Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.

Improper Privilege Management

Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30688 7.8 - High - August 10, 2023

Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1

CVE-2023-30673 5.5 - Medium - July 06, 2023

Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction.

Improper Validation of Integrity Check Value

Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1

CVE-2023-30664 7.8 - High - July 06, 2023

Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1

CVE-2023-30663 7.8 - High - July 06, 2023

Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

Improper Input Validation

Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1

CVE-2023-30662 5.5 - Medium - July 06, 2023

Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1

CVE-2023-30661 5.5 - Medium - July 06, 2023

Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1

CVE-2023-30660 5.5 - Medium - July 06, 2023

Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1

CVE-2023-30659 7.8 - High - July 06, 2023

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1

CVE-2023-30658 7.8 - High - July 06, 2023

Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1

CVE-2023-30657 7.8 - High - July 06, 2023

Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Improper configuration in Samsung Internet prior to version 21.0.0.41

CVE-2023-30674 6.5 - Medium - July 06, 2023

Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.

Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1

CVE-2023-30656 7.8 - High - July 06, 2023

Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1

CVE-2023-30655 7.8 - High - July 06, 2023

Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1

CVE-2023-30653 7.8 - High - July 06, 2023

Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1

CVE-2023-30652 7.8 - High - July 06, 2023

Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1

CVE-2023-30651 7.8 - High - July 06, 2023

Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1

CVE-2023-30650 7.8 - High - July 06, 2023

Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1

CVE-2023-30649 7.8 - High - July 06, 2023

Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

Memory Corruption

Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD prior to SMR Jul-2023 Release 1 cause a denial of service on the system.

CVE-2023-30648 5.5 - Medium - July 06, 2023

Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD prior to SMR Jul-2023 Release 1 cause a denial of service on the system.

Memory Corruption

Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1

CVE-2023-30647 7.8 - High - July 06, 2023

Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

Memory Corruption

Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1

CVE-2023-30645 7.8 - High - July 06, 2023

Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

Memory Corruption

Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1

CVE-2023-30644 7.8 - High - July 06, 2023

Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

Memory Corruption

Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1

CVE-2023-30643 7.1 - High - July 06, 2023

Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.

Missing Authentication for Critical Function

Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1

CVE-2023-30642 5.5 - Medium - July 06, 2023

Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.

Improper Privilege Management

Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1

CVE-2023-30641 4.3 - Medium - July 06, 2023

Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data.

Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1

CVE-2023-30640 3.3 - Low - July 06, 2023

Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration.

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1

CVE-2023-30677 4.6 - Medium - July 06, 2023

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1

CVE-2023-30676 4.6 - Medium - July 06, 2023

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.

Improper authentication in Samsung Pass prior to version 4.2.03.1

CVE-2023-30675 5.5 - Medium - July 06, 2023

Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.

Authentication

Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1

CVE-2023-30670 7.8 - High - July 06, 2023

Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1

CVE-2023-30669 7.8 - High - July 06, 2023

Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1

CVE-2023-30668 7.8 - High - July 06, 2023

Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper access control in Audio system service prior to SMR Jul-2023 Release 1

CVE-2023-30667 3.3 - Low - July 06, 2023

Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.

Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1

CVE-2023-30666 7.8 - High - July 06, 2023

Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

Memory Corruption

Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1

CVE-2023-30665 4.4 - Medium - July 06, 2023

Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.

Out-of-bounds Read

Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3

CVE-2023-30672 5.5 - Medium - July 06, 2023

Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.

Logic error in package installation via adb command prior to SMR Jul-2023 Release 1

CVE-2023-30671 5.5 - Medium - July 06, 2023

Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.

Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1

CVE-2023-30646 7.8 - High - July 06, 2023

Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

Memory Corruption

Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1

CVE-2023-21512 3.3 - Low - June 28, 2023

Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.

Incorrect Default Permissions

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models

CVE-2023-21518 7.8 - High - June 28, 2023

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way

CVE-2023-21513 6.8 - Medium - June 28, 2023

Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.

Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1

CVE-2023-21517 9.8 - Critical - June 28, 2023

Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.

Memory Corruption

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8

CVE-2023-21514 8.8 - High - May 26, 2023

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

Improper Input Validation

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8

CVE-2023-21515 8.8 - High - May 26, 2023

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8

CVE-2023-21516 9.6 - Critical - May 26, 2023

XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

XSS

Improper export of Android application components vulnerability in VideoPreviewActivity in Call Settings prior to SMR May-2023 Release 1

CVE-2023-21485 4.6 - Medium - May 04, 2023

Improper export of Android application components vulnerability in VideoPreviewActivity in Call Settings prior to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1

CVE-2023-21489 6.8 - Medium - May 04, 2023

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.

Memory Corruption

Improper access control vulnerability in Tips prior to SMR May-2023 Release 1

CVE-2023-21488 7.8 - High - May 04, 2023

Improper access control vulnerability in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1

CVE-2023-21492 4.4 - Medium - May 04, 2023

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

Insertion of Sensitive Information into Log File

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).