Samsung
Products by Samsung Sorted by Most Security Vulnerabilities since 2018
Known Exploited Samsung Vulnerabilities
The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
Title | Description | Added |
---|---|---|
Samsung Mobile Devices Use-After-Free Vulnerability | Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. CVE-2022-22265 | September 18, 2023 |
Samsung Mobile Devices Out-of-Bounds Read Vulnerability | Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer. CVE-2021-25487 | June 29, 2023 |
Samsung Mobile Devices Improper Input Validation Vulnerability | Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. CVE-2021-25489 | June 29, 2023 |
Samsung Mobile Devices Race Condition Vulnerability | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25394 | June 29, 2023 |
Samsung Mobile Devices Race Condition Vulnerability | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25395 | June 29, 2023 |
Samsung Mobile Devices Unspecified Vulnerability | Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. CVE-2021-25371 | June 29, 2023 |
Samsung Mobile Devices Improper Boundary Check Vulnerability | Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. CVE-2021-25372 | June 29, 2023 |
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. CVE-2023-21492 | May 19, 2023 |
Samsung Mobile Devices Improper Access Control Vulnerability | Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370. CVE-2021-25337 | November 8, 2022 |
Samsung Mobile Devices Improper Access Control Vulnerability | Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. CVE-2021-25369 | November 8, 2022 |
Samsung Mobile Devices Memory Corruption Vulnerability | Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. CVE-2021-25370 | November 8, 2022 |
By the Year
In 2023 there have been 163 vulnerabilities in Samsung with an average score of 6.2 out of ten. Last year Samsung had 145 security vulnerabilities published. That is, 18 more vulnerabilities have already been reported in 2023 as compared to last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.52.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 163 | 6.19 |
2022 | 145 | 5.66 |
2021 | 64 | 5.72 |
2020 | 7 | 9.26 |
2019 | 6 | 6.72 |
2018 | 19 | 7.39 |
It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Security Vulnerabilities
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could
CVE-2023-41929
7.3 - High
- September 18, 2023
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.)
DLL preloading
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1
CVE-2023-30718
3.3 - Low
- September 06, 2023
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1
CVE-2023-30706
4.9 - Medium
- September 06, 2023
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1
CVE-2023-30707
7.1 - High
- September 06, 2023
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1
CVE-2023-30708
7.5 - High
- September 06, 2023
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.
authentification
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1
CVE-2023-30709
6.7 - Medium
- September 06, 2023
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1
CVE-2023-30710
7.8 - High
- September 06, 2023
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1
CVE-2023-30711
3.3 - Low
- September 06, 2023
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1
CVE-2023-30712
7.8 - High
- September 06, 2023
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.
Improper Input Validation
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1
CVE-2023-30713
5.5 - Medium
- September 06, 2023
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.
Improper Privilege Management
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1
CVE-2023-30714
4.6 - Medium
- September 06, 2023
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1
CVE-2023-30715
3.3 - Low
- September 06, 2023
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1
CVE-2023-30716
5.5 - Medium
- September 06, 2023
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1
CVE-2023-30717
3.3 - Low
- September 06, 2023
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1
CVE-2023-30719
3.3 - Low
- September 06, 2023
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1
CVE-2023-30720
5.5 - Medium
- September 06, 2023
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1
CVE-2023-30721
4.4 - Medium
- September 06, 2023
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.
Insertion of Sensitive Information into Log File
Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011
CVE-2023-30723
9.8 - Critical
- September 06, 2023
Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege.
Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2
CVE-2023-30724
3.3 - Low
- September 06, 2023
Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.
authentification
Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2
CVE-2023-30725
5.5 - Medium
- September 06, 2023
Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider.
authentification
PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5
CVE-2023-30726
5.5 - Medium
- September 06, 2023
PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data.
Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file
CVE-2023-30728
5.5 - Medium
- September 06, 2023
Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction.
Improper Certificate Validation in Samsung Email prior to version 6.1.82.0
CVE-2023-30729
7.5 - High
- September 06, 2023
Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information.
Improper Certificate Validation
Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5
CVE-2023-30722
7.8 - High
- September 06, 2023
Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014
CVE-2021-35309
7.5 - High
- August 22, 2023
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.
Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password
CVE-2023-40291
6.8 - Medium
- August 14, 2023
Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name.
Harman Infotainment 20190525031613 and later discloses the IP address
CVE-2023-40292
4.3 - Medium
- August 14, 2023
Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets.
Harman Infotainment 20190525031613 and later
CVE-2023-40293
6.8 - Medium
- August 14, 2023
Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.
Command Injection
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1
CVE-2023-30654
5.5 - Medium
- August 10, 2023
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.
Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30689
7.8 - High
- August 10, 2023
Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1
CVE-2023-30691
7.8 - High
- August 10, 2023
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.
Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30693
7.8 - High
- August 10, 2023
Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30694
7.8 - High
- August 10, 2023
Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30696
7.8 - High
- August 10, 2023
An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
Memory Corruption
An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30697
7.8 - High
- August 10, 2023
An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
Memory Corruption
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1
CVE-2023-30698
5.5 - Medium
- August 10, 2023
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1
CVE-2023-30699
9.8 - Critical
- August 10, 2023
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.
Memory Corruption
Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1
CVE-2023-30703
4.3 - Medium
- August 10, 2023
Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information.
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35
CVE-2023-30704
4.6 - Medium
- August 10, 2023
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?
CVE-2023-30705
5.5 - Medium
- August 10, 2023
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.
AuthZ
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1
CVE-2023-30700
3.3 - Low
- August 10, 2023
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1
CVE-2023-30701
5.5 - Medium
- August 10, 2023
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1
CVE-2023-30681
7.8 - High
- August 10, 2023
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
Memory Corruption
Improper access control in Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30682
3.3 - Low
- August 10, 2023
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.
Improper access control in Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30683
3.3 - Low
- August 10, 2023
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.
Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30684
3.3 - Low
- August 10, 2023
Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.
Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30685
3.3 - Low
- August 10, 2023
Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30686
7.8 - High
- August 10, 2023
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30687
7.8 - High
- August 10, 2023
Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1
CVE-2023-30679
7.8 - High
- August 10, 2023
Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.
Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1
CVE-2023-30680
7.8 - High
- August 10, 2023
Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.
Improper Privilege Management
Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30688
7.8 - High
- August 10, 2023
Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1
CVE-2023-30673
5.5 - Medium
- July 06, 2023
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction.
Improper Validation of Integrity Check Value
Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1
CVE-2023-30664
7.8 - High
- July 06, 2023
Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30663
7.8 - High
- July 06, 2023
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
Improper Input Validation
Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1
CVE-2023-30662
5.5 - Medium
- July 06, 2023
Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1
CVE-2023-30661
5.5 - Medium
- July 06, 2023
Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1
CVE-2023-30660
5.5 - Medium
- July 06, 2023
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1
CVE-2023-30659
7.8 - High
- July 06, 2023
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1
CVE-2023-30658
7.8 - High
- July 06, 2023
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1
CVE-2023-30657
7.8 - High
- July 06, 2023
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper configuration in Samsung Internet prior to version 21.0.0.41
CVE-2023-30674
6.5 - Medium
- July 06, 2023
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1
CVE-2023-30656
7.8 - High
- July 06, 2023
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.
Improper Input Validation
Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1
CVE-2023-30655
7.8 - High
- July 06, 2023
Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30653
7.8 - High
- July 06, 2023
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30652
7.8 - High
- July 06, 2023
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30651
7.8 - High
- July 06, 2023
Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30650
7.8 - High
- July 06, 2023
Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30649
7.8 - High
- July 06, 2023
Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.
CVE-2023-30648
5.5 - Medium
- July 06, 2023
Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.
Memory Corruption
Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30647
7.8 - High
- July 06, 2023
Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30645
7.8 - High
- July 06, 2023
Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30644
7.8 - High
- July 06, 2023
Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1
CVE-2023-30643
7.1 - High
- July 06, 2023
Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.
Missing Authentication for Critical Function
Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1
CVE-2023-30642
5.5 - Medium
- July 06, 2023
Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.
Improper Privilege Management
Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1
CVE-2023-30641
4.3 - Medium
- July 06, 2023
Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data.
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1
CVE-2023-30640
3.3 - Low
- July 06, 2023
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1
CVE-2023-30677
4.6 - Medium
- July 06, 2023
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1
CVE-2023-30676
4.6 - Medium
- July 06, 2023
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.
Improper authentication in Samsung Pass prior to version 4.2.03.1
CVE-2023-30675
5.5 - Medium
- July 06, 2023
Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.
authentification
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30670
7.8 - High
- July 06, 2023
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30669
7.8 - High
- July 06, 2023
Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30668
7.8 - High
- July 06, 2023
Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper access control in Audio system service prior to SMR Jul-2023 Release 1
CVE-2023-30667
3.3 - Low
- July 06, 2023
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.
Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30666
7.8 - High
- July 06, 2023
Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
Memory Corruption
Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30665
4.4 - Medium
- July 06, 2023
Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.
Out-of-bounds Read
Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3
CVE-2023-30672
5.5 - Medium
- July 06, 2023
Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.
Logic error in package installation via adb command prior to SMR Jul-2023 Release 1
CVE-2023-30671
5.5 - Medium
- July 06, 2023
Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.
Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30646
7.8 - High
- July 06, 2023
Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1
CVE-2023-21512
3.3 - Low
- June 28, 2023
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
Incorrect Default Permissions
Improper access control vulnerability in SearchWidget prior to version 3.3 in China models
CVE-2023-21518
7.8 - High
- June 28, 2023
Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way
CVE-2023-21513
6.8 - Medium
- June 28, 2023
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1
CVE-2023-21517
9.8 - Critical
- June 28, 2023
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
Memory Corruption
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8
CVE-2023-21514
8.8 - High
- May 26, 2023
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
Improper Input Validation
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8
CVE-2023-21515
8.8 - High
- May 26, 2023
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8
CVE-2023-21516
9.6 - Critical
- May 26, 2023
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
XSS
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1
CVE-2023-21485
4.6 - Medium
- May 04, 2023
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1
CVE-2023-21489
6.8 - Medium
- May 04, 2023
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
Memory Corruption
Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1
CVE-2023-21488
7.8 - High
- May 04, 2023
Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.