Samsung Android
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Samsung Android.
EOL Dates
Ensure that you are using a supported version of Samsung Android. Here are some end of life, and end of support dates for Samsung Android.
| Release | EOL Date | Status |
|---|---|---|
| 16 | - |
Active
|
| 15 | - |
Active
|
| 14 | - |
Active
|
| 13 | March 2, 2026 |
EOL
Samsung Android 13 became EOL in 2026. |
| 12.1 | March 3, 2025 |
EOL
Samsung Android 12.1 became EOL in 2025. |
| 12 | March 3, 2025 |
EOL
Samsung Android 12 became EOL in 2025. |
| 11 | February 5, 2024 |
EOL
Samsung Android 11 became EOL in 2024. |
| 10 | March 6, 2023 |
EOL
Samsung Android 10 became EOL in 2023. |
| 9 | January 1, 2022 |
EOL
Samsung Android 9 became EOL in 2022. |
| 8.1 | January 10, 2021 |
EOL
Samsung Android 8.1 became EOL in 2021. |
| 8.0 | January 1, 2021 |
EOL
Samsung Android 8.0 became EOL in 2021. |
| 7.1 | October 1, 2019 |
EOL
Samsung Android 7.1 became EOL in 2019. |
| 7.0 | October 1, 2019 |
EOL
Samsung Android 7.0 became EOL in 2019. |
| 6.0 | August 1, 2018 |
EOL
Samsung Android 6.0 became EOL in 2018. |
| 5.1 | March 1, 2018 |
EOL
Samsung Android 5.1 became EOL in 2018. |
| 5.0 | March 1, 2018 |
EOL
Samsung Android 5.0 became EOL in 2018. |
| 4.4w | October 1, 2017 |
EOL
Samsung Android 4.4w became EOL in 2017. |
| 4.4 | October 1, 2017 |
EOL
Samsung Android 4.4 became EOL in 2017. |
| 4.3 | - |
Active
|
| 4.2 | - |
Active
|
By the Year
In 2026 there have been 0 vulnerabilities in Samsung Android. Last year, in 2025 Android had 43 security vulnerabilities published. Right now, Android is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 43 | 5.69 |
| 2024 | 141 | 6.02 |
| 2023 | 156 | 6.24 |
| 2022 | 0 | 0.00 |
| 2021 | 9 | 5.81 |
| 2020 | 1 | 0.00 |
It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Android Security Vulnerabilities
Local ID Disclosure via Improper Device Node Access
CVE-2025-20990
3.3 - Low
- August 06, 2025
Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.
SamsungAccount: Local Privilege Escalation Allows Account Deactivation
CVE-2025-21010
- August 06, 2025
Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.
Improper Access Control in LeAudioService for Auracast Broadcast
CVE-2025-21002
5.5 - Medium
- July 08, 2025
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast.
Apple iOS Emergency SOS Local Data Store Attack
CVE-2025-21003
5.5 - Medium
- July 08, 2025
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.
Insecure Storage of Sensitive Information
Android 15 Improper AC in isemtelephony Allows Local Leakage
CVE-2025-21005
- July 08, 2025
Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.
Android libsavsvc.so OOB Write in MPEG4 Codec Before v15
CVE-2025-21006
7.8 - High
- July 08, 2025
Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.
Memory Corruption
Android OOB Write in libsavsvc.so <15
CVE-2025-21007
- July 08, 2025
Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
Memory Corruption
OOB write in KnoxVault trustlet (Samsung) enabling local privileged
CVE-2025-20982
6.4 - Medium
- July 08, 2025
Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
OOB Write in KnoxVault Trustlet (Android)
CVE-2025-20983
6.4 - Medium
- July 08, 2025
Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Impr Auth: 2nd Users Retrieve Owner Wi-Fi Pass on Samsung Galaxy Tablet
CVE-2025-20999
2.1 - Low
- July 08, 2025
Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.
AuthZ
Improp Priv Mgmt: Local Attackers Can Enable Bluetooth
CVE-2025-21000
3.3 - Low
- July 08, 2025
Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth.
LeAudioService Improper Access Control Enables Local Stop of Auracast
CVE-2025-21001
5.5 - Medium
- July 08, 2025
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast.
Android libsavsvc.so OOB Read, Pre-Android 15 Memory Corruption
CVE-2025-21008
- July 08, 2025
Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
Out-of-bounds Read
Android libsavsvc.so OOB Read in Frame Header Decoding
CVE-2025-21009
- July 08, 2025
Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
Out-of-bounds Read
EnrichedCall: Implicit Intent Leak to Local Attackers (CVE-2025-20954)
CVE-2025-20954
5.5 - Medium
- May 07, 2025
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
Android NotificationHistoryImageProvider Exposes Images to Local Attacker
CVE-2025-20955
5.5 - Medium
- May 07, 2025
Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.
CVE-2025-20957: Improper Access Control in SmartManagerCN
CVE-2025-20957
7.8 - High
- May 07, 2025
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.
Android UnifiedWFC Intent Verification Flaw Enables VoWiFi Manipulation
CVE-2025-20958
4.4 - Medium
- May 07, 2025
Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.
Android Wi-Fi P2P Implicit Intent Local Info Disclosure
CVE-2025-20959
5.5 - Medium
- May 07, 2025
Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.
Android CocktailBarService Permission Bypass: Local API Abuse (CVE-2025-20960)
CVE-2025-20960
3.3 - Low
- May 07, 2025
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.
SmartManagerCN Local Access Control Flaw Enables Activity Execution
CVE-2025-20953
4.4 - Medium
- May 07, 2025
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
Android Keymaster trustlet OOB write enables local privileged writes
CVE-2025-20937
6.7 - Medium
- May 07, 2025
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-20964: OOB Write in libsavsvc.so Media Parser
CVE-2025-20964
7.8 - High
- May 07, 2025
Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
Memory Corruption
CVE-2025-20963: OOB Write in libsavsvc.so prior to SMR May-2025 Release 1
CVE-2025-20963
7.8 - High
- May 07, 2025
Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
Memory Corruption
SpenGesture Service RCE: Insufficient Perm Lets Local Attackers Track S Pen
CVE-2025-20962
4 - Medium
- May 07, 2025
Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.
Windows sepunion svc: Priv Elev via Insufficient Perm Hand (CVE-2025-20961)
CVE-2025-20961
5.5 - Medium
- May 07, 2025
Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.
Android Sticker Center LPE via Improper Access Control (CVE-2025-20934)
CVE-2025-20934
5.5 - Medium
- April 08, 2025
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.
Samsung Find Improper Privilege Management Exploit Allows Disabling
CVE-2025-20907
4.4 - Medium
- February 04, 2025
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
Out-of-bounds read/write in mPOS TUI Trustlet (CVE-2025-20905)
CVE-2025-20905
6.7 - Medium
- February 04, 2025
Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.
Out-of-bounds Read
mPOS TUI Trustlet OOB Write Prior to SMR Feb-2025 Release 1
CVE-2025-20904
6.7 - Medium
- February 04, 2025
Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
Memory Corruption
Access Control Bypass in Android NotificationMgr Local Attackers Change Settings
CVE-2025-20893
5.1 - Medium
- February 04, 2025
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.
Android bootloader PMF allows physical attacker to run fastboot
CVE-2025-20892
5.9 - Medium
- February 04, 2025
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
Out-of-bounds read in libsthmbc.so thumbnail decoder (CVE-2025-20891)
CVE-2025-20891
5.5 - Medium
- February 04, 2025
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Out-of-bounds Read
OOB write libsthmbc.so local privilege escalation on Android devices
CVE-2025-20890
7.8 - High
- February 04, 2025
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
OOB read in libsthmbc.so leads to local memory disclosure
CVE-2025-20889
5.5 - Medium
- February 04, 2025
Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Memory Corruption
CVE-2025-20887: OOB Read in libsthmbc.so (svp8t Table) Local Memory Disclosure
CVE-2025-20887
5.5 - Medium
- February 04, 2025
Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Out-of-bounds Read
CVE-2025-20886: Privileged Access Leaks Test Key via SoftSim Trustlet
CVE-2025-20886
4.4 - Medium
- February 04, 2025
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
Insecure Storage of Sensitive Information
OOB Write in SoftSim Trustlet Causing Memory Corruption
CVE-2025-20885
6.7 - Medium
- February 04, 2025
Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
Memory Corruption
Samsung Message IAC Allows Physical Attacker Profile Data Access
CVE-2025-20884
4.6 - Medium
- February 04, 2025
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
Android SoundPicker Cross-Profile Data Leak (CVE-2025-20883)
CVE-2025-20883
4.6 - Medium
- February 04, 2025
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
OOB Write in libsthmbc.so Enables Privileged Local Code Exec
CVE-2025-20882
7.8 - High
- February 04, 2025
Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Local OOB write in libsthmbc.so allows privilege escalation on Samsung TV
CVE-2025-20881
7.8 - High
- February 04, 2025
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
OOB write in libsthmbc.so smp4vtd allows LPE
CVE-2025-20888
7.8 - High
- February 04, 2025
Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Samsung Dex Mode Authentication Bypass Vulnerability
CVE-2024-49414
2.4 - Low
- December 03, 2024
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
Samsung libsaped.so Out-of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-49415
9.8 - Critical
- December 03, 2024
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
Memory Corruption
SmartSwitch: Improper Verification of Cryptographic Signature Vulnerability
CVE-2024-49413
7.8 - High
- December 03, 2024
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
Improper Verification of Cryptographic Signature
ThemeCenter Path Traversal Vulnerability
CVE-2024-49411
4.6 - Medium
- December 03, 2024
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
Directory traversal
Samsung libswmfextractor.so Out-of-Bounds Write Vulnerability
CVE-2024-49410
7.8 - High
- December 03, 2024
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Samsung Settings Suggestion Privilege Escalation
CVE-2024-49401
7.1 - High
- November 06, 2024
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
System UI Sensitive Info Leak in Samsung SMR
CVE-2024-34677
3.3 - Low
- November 06, 2024
Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
Insecure Storage of Sensitive Information
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Samsung Android or by Samsung? Click the Watch button to subscribe.
