Samsung
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Samsung product.
Products by Samsung Sorted by Most Security Vulnerabilities since 2018
Known Exploited Samsung Vulnerabilities
The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Samsung Mobile Devices Use-After-Free Vulnerability |
Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. CVE-2022-22265 Exploit Probability: 0.2% |
September 18, 2023 |
Samsung Mobile Devices Out-of-Bounds Read Vulnerability |
Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer. CVE-2021-25487 Exploit Probability: 0.9% |
June 29, 2023 |
Samsung Mobile Devices Improper Input Validation Vulnerability |
Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. CVE-2021-25489 Exploit Probability: 0.3% |
June 29, 2023 |
Samsung Mobile Devices Race Condition Vulnerability |
Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25394 Exploit Probability: 0.9% |
June 29, 2023 |
Samsung Mobile Devices Race Condition Vulnerability |
Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25395 Exploit Probability: 0.2% |
June 29, 2023 |
Samsung Mobile Devices Unspecified Vulnerability |
Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. CVE-2021-25371 Exploit Probability: 1.9% |
June 29, 2023 |
Samsung Mobile Devices Improper Boundary Check Vulnerability |
Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. CVE-2021-25372 Exploit Probability: 1.4% |
June 29, 2023 |
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability |
Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. CVE-2023-21492 Exploit Probability: 0.5% |
May 19, 2023 |
Samsung Mobile Devices Improper Access Control Vulnerability |
Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370. CVE-2021-25337 Exploit Probability: 0.9% |
November 8, 2022 |
Samsung Mobile Devices Improper Access Control Vulnerability |
Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. CVE-2021-25369 Exploit Probability: 0.2% |
November 8, 2022 |
Samsung Mobile Devices Memory Corruption Vulnerability |
Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. CVE-2021-25370 Exploit Probability: 0.9% |
November 8, 2022 |
By the Year
In 2025 there have been 20 vulnerabilities in Samsung with an average score of 5.9 out of ten. Last year, in 2024 Samsung had 198 security vulnerabilities published. Right now, Samsung is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.03.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 20 | 5.95 |
2024 | 198 | 5.91 |
2023 | 227 | 6.27 |
2022 | 145 | 5.66 |
2021 | 73 | 5.79 |
2020 | 7 | 9.26 |
2019 | 7 | 7.16 |
2018 | 19 | 7.39 |
It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Security Vulnerabilities
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1
CVE-2025-20937
6.7 - Medium
- May 07, 2025
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Memory Corruption
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1
CVE-2025-20953
4.4 - Medium
- May 07, 2025
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1
CVE-2025-20954
5.5 - Medium
- May 07, 2025
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1
CVE-2025-20934
5.5 - Medium
- April 08, 2025
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20881
7.8 - High
- February 04, 2025
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20882
7.8 - High
- February 04, 2025
Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1
CVE-2025-20883
4.6 - Medium
- February 04, 2025
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1
CVE-2025-20884
4.6 - Medium
- February 04, 2025
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1
CVE-2025-20885
6.7 - Medium
- February 04, 2025
Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
Memory Corruption
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1
CVE-2025-20886
4.4 - Medium
- February 04, 2025
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
Insecure Storage of Sensitive Information
Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20887
5.5 - Medium
- February 04, 2025
Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Out-of-bounds Read
Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20888
7.8 - High
- February 04, 2025
Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20889
5.5 - Medium
- February 04, 2025
Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20890
7.8 - High
- February 04, 2025
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20891
5.5 - Medium
- February 04, 2025
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Out-of-bounds Read
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command
CVE-2025-20892
5.9 - Medium
- February 04, 2025
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1
CVE-2025-20893
5.1 - Medium
- February 04, 2025
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.
Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1
CVE-2025-20904
6.7 - Medium
- February 04, 2025
Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
Memory Corruption
Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1
CVE-2025-20905
6.7 - Medium
- February 04, 2025
Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.
Out-of-bounds Read
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1
CVE-2025-20907
4.4 - Medium
- February 04, 2025
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
SmartThings Implicit Intent Information Disclosure Vulnerability
CVE-2024-49416
- December 03, 2024
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.
Samsung libsaped.so Out-of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-49415
9.8 - Critical
- December 03, 2024
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
Memory Corruption
Samsung Dex Mode Authentication Bypass Vulnerability
CVE-2024-49414
2.4 - Low
- December 03, 2024
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
SmartSwitch: Improper Verification of Cryptographic Signature Vulnerability
CVE-2024-49413
7.8 - High
- December 03, 2024
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
Improper Verification of Cryptographic Signature
ThemeCenter Path Traversal Vulnerability
CVE-2024-49411
4.6 - Medium
- December 03, 2024
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
Directory traversal
Samsung libswmfextractor.so Out-of-Bounds Write Vulnerability
CVE-2024-49410
7.8 - High
- December 03, 2024
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Samsung Exynos Baseband Software Length Validation Vulnerability
CVE-2024-39343
- December 02, 2024
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management) module, which can lead to Denial of Service.
Exynos Video Codec Integer Overflow Vulnerability
CVE-2018-9352
6.5 - Medium
- November 27, 2024
In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Integer Overflow or Wraparound
Modem IpcProtocol DoS via Input Validation Flaw
CVE-2024-34673
5.5 - Medium
- November 06, 2024
Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
Samsung Settings WiFi Password Exposure
CVE-2024-34682
2.4 - Low
- November 06, 2024
Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.
Samsung Voice Recorder v21 Access Control Bypass
CVE-2024-49403
4.6 - Medium
- November 06, 2024
Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen.
Blockchain Keystore v1.3.15 Integrity Check Bypass
CVE-2024-49406
4.4 - Medium
- November 06, 2024
Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.
Improper Validation of Integrity Check Value
Galaxy S24 USB Driver OOB Write
CVE-2024-49408
6.7 - Medium
- November 06, 2024
Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
Memory Corruption
Galaxy S24 Battery Node OOB Write
CVE-2024-49409
6.7 - Medium
- November 06, 2024
Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
Memory Corruption
Samsung Contacts Profile Access Control Bypass
CVE-2024-34674
4.6 - Medium
- November 06, 2024
Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
Dex Mode Access Control Bypass
CVE-2024-34675
4.6 - Medium
- November 06, 2024
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
Samsung libsubextractor OOB Write
CVE-2024-34676
7.3 - High
- November 06, 2024
Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
Memory Corruption
System UI Sensitive Info Leak in Samsung SMR
CVE-2024-34677
3.3 - Low
- November 06, 2024
Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
Insecure Storage of Sensitive Information
Samsung libsapeextractor OOB Write
CVE-2024-34678
7.8 - High
- November 06, 2024
Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
Memory Corruption
Crane Privilege Escalation via Default Permissions
CVE-2024-34679
7.1 - High
- November 06, 2024
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
Incorrect Default Permissions
WlanTest Implicit Intent Info Leak
CVE-2024-34680
5.5 - Medium
- November 06, 2024
Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
Samsung Settings Suggestion Privilege Escalation
CVE-2024-49401
7.1 - High
- November 06, 2024
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
Dressroom Profile Data Leak via Input Validation Flaw
CVE-2024-49402
4.6 - Medium
- November 06, 2024
Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.
Samsung Pass v4.4.04.7 Auth Bypass
CVE-2024-49405
4.6 - Medium
- November 06, 2024
Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.
Samsung Flow v4.9.15.7 Profile Access Control Bypass
CVE-2024-49407
4.6 - Medium
- November 06, 2024
Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.
Gallery App Permission Bypass Flaw
CVE-2024-51527
5.5 - Medium
- November 05, 2024
Permission control vulnerability in the Gallery app Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Samsung Exynos GPRS Heap Overflow
CVE-2024-45185
- November 04, 2024
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS protocol.
Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14
CVE-2024-34662
7.8 - High
- October 08, 2024
Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.
Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1
CVE-2024-34669
8.8 - High
- October 08, 2024
Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1
CVE-2024-34665
8.8 - High
- October 08, 2024
Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1
CVE-2024-34666
8.8 - High
- October 08, 2024
Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1
CVE-2024-34667
8.8 - High
- October 08, 2024
Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1
CVE-2024-34668
8.8 - High
- October 08, 2024
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege
CVE-2024-5760
7.8 - High
- September 11, 2024
The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018.
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62
CVE-2024-34660
7.8 - High
- September 04, 2024
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
Memory Corruption
Exposure of sensitive information in GroupSharing prior to version 13.6.13.3
CVE-2024-34659
5.3 - Medium
- September 04, 2024
Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers can force the victim to join the group.
Out-of-bounds read in Samsung Notes
CVE-2024-34658
7.1 - High
- September 04, 2024
Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.
Out-of-bounds Read
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62
CVE-2024-34657
9.8 - Critical
- September 04, 2024
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.
Memory Corruption
Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7
CVE-2024-34661
4.3 - Medium
- September 04, 2024
Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.
Incorrect Default Permissions
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1
CVE-2024-34652
3.3 - Low
- September 04, 2024
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.
AuthZ
Improper authorization in My Files prior to SMR Sep-2024 Release 1
CVE-2024-34651
5.5 - Medium
- September 04, 2024
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.
AuthZ
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1
CVE-2024-34650
3.3 - Low
- September 04, 2024
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.
AuthZ
Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1
CVE-2024-34655
5.5 - Medium
- September 04, 2024
Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.
Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1
CVE-2024-34654
5.5 - Medium
- September 04, 2024
Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.
Path Traversal in My Files prior to SMR Sep-2024 Release 1
CVE-2024-34653
4.6 - Medium
- September 04, 2024
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
Directory traversal
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1
CVE-2024-34649
2.4 - Low
- September 04, 2024
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.
Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1
CVE-2024-34648
5.5 - Medium
- September 04, 2024
Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.
Incorrect Default Permissions
Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1
CVE-2024-34647
5.5 - Medium
- September 04, 2024
Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1
CVE-2024-34646
5.5 - Medium
- September 04, 2024
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.
Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1
CVE-2024-34645
4.6 - Medium
- September 04, 2024
Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications.
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1
CVE-2024-34644
5.5 - Medium
- September 04, 2024
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1
CVE-2024-34643
5.5 - Medium
- September 04, 2024
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1
CVE-2024-34642
4.6 - Medium
- September 04, 2024
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
AuthZ
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1
CVE-2024-34640
3.3 - Low
- September 04, 2024
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1
CVE-2024-34639
4.6 - Medium
- September 04, 2024
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
Improper Handling of Exceptional Conditions
Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1
CVE-2024-34638
7.1 - High
- September 04, 2024
Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.
Improper Handling of Exceptional Conditions
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14
CVE-2024-34637
5.5 - Medium
- September 04, 2024
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.
Path traversal in Samsung Notes prior to version 4.4.21.62
CVE-2024-34656
7.8 - High
- September 04, 2024
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
Directory traversal
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1
CVE-2024-34641
3.3 - Low
- September 04, 2024
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050
CVE-2024-7399
7.5 - High
- August 12, 2024
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
Directory traversal
Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62
CVE-2024-34621
5.5 - Medium
- August 07, 2024
Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1
CVE-2024-34620
7.8 - High
- August 07, 2024
Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1
CVE-2024-34619
8.8 - High
- August 07, 2024
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
Improper access control in System property prior to SMR Aug-2024 Release 1
CVE-2024-34618
3.3 - Low
- August 07, 2024
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1
CVE-2024-34617
3.3 - Low
- August 07, 2024
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.
Incorrect Default Permissions
Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1
CVE-2024-34616
5.5 - Medium
- August 07, 2024
Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
Incorrect Default Permissions
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1
CVE-2024-34615
7.8 - High
- August 07, 2024
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.
Memory Corruption
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1
CVE-2024-34614
7.8 - High
- August 07, 2024
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1
CVE-2024-34613
5.5 - Medium
- August 07, 2024
Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1
CVE-2024-34612
7.8 - High
- August 07, 2024
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Improper access control in KnoxService prior to SMR Aug-2024 Release 1
CVE-2024-34611
5.5 - Medium
- August 07, 2024
Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1
CVE-2024-34610
5.5 - Medium
- August 07, 2024
Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1
CVE-2024-34609
5.5 - Medium
- August 07, 2024
Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1
CVE-2024-34608
5.5 - Medium
- August 07, 2024
Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1
CVE-2024-34607
5.5 - Medium
- August 07, 2024
Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1
CVE-2024-34606
5.5 - Medium
- August 07, 2024
Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1
CVE-2024-34605
5.5 - Medium
- August 07, 2024
Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
Improper access control in LedCoverService prior to SMR Aug-2024 Release 1
CVE-2024-34604
5.5 - Medium
- August 07, 2024
Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2
CVE-2024-34636
5.5 - Medium
- August 07, 2024
Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.