Samsung Android
By the Year
In 2024 there have been 15 vulnerabilities in Samsung Android with an average score of 6.3 out of ten. Last year Android had 154 security vulnerabilities published. Right now, Android is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.04.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 15 | 6.28 |
2023 | 154 | 6.24 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Android Security Vulnerabilities
Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1
CVE-2024-20812
7.8 - High
- February 06, 2024
Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1
CVE-2024-20811
3.3 - Low
- February 06, 2024
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1
CVE-2024-20810
3.3 - Low
- February 06, 2024
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information.
Clickjacking
Improper input validation in bootloader prior to SMR Feb-2024 Release 1
CVE-2024-20820
7.1 - High
- February 06, 2024
Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read.
Out-of-bounds Read
Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1
CVE-2024-20819
7.8 - High
- February 06, 2024
Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
Memory Corruption
Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1
CVE-2024-20818
7.8 - High
- February 06, 2024
Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
Memory Corruption
Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1
CVE-2024-20817
7.8 - High
- February 06, 2024
Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
Memory Corruption
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1
CVE-2024-20816
6.5 - Medium
- February 06, 2024
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
authentification
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1
CVE-2024-20815
6.5 - Medium
- February 06, 2024
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
authentification
Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1
CVE-2024-20814
5.5 - Medium
- February 06, 2024
Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows attacker access unauthorized information.
Out-of-bounds Read
Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1
CVE-2024-20813
7.8 - High
- February 06, 2024
Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper access control in Notification service prior to SMR Jan-2024 Release 1
CVE-2024-20806
5.5 - Medium
- January 04, 2024
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13
CVE-2024-20805
5.5 - Medium
- January 04, 2024
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.
Directory traversal
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13
CVE-2024-20804
5.5 - Medium
- January 04, 2024
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.
Directory traversal
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1
CVE-2024-20803
6.5 - Medium
- January 04, 2024
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.
authentification
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1
CVE-2023-42568
4.4 - Medium
- December 05, 2023
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1
CVE-2023-42567
7.8 - High
- December 05, 2023
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
Memory Corruption
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1
CVE-2023-42566
7.8 - High
- December 05, 2023
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1
CVE-2023-42565
6.7 - Medium
- December 05, 2023
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1
CVE-2023-42564
5.5 - Medium
- December 05, 2023
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1
CVE-2023-42563
7.8 - High
- December 05, 2023
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
Integer Overflow or Wraparound
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1
CVE-2023-42562
7.8 - High
- December 05, 2023
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
Integer Overflow or Wraparound
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1
CVE-2023-42561
6.8 - Medium
- December 05, 2023
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
Memory Corruption
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1
CVE-2023-42560
7.8 - High
- December 05, 2023
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
Memory Corruption
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1
CVE-2023-42559
5.2 - Medium
- December 05, 2023
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
Improper Handling of Exceptional Conditions
Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1
CVE-2023-42558
7.8 - High
- December 05, 2023
Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.
Memory Corruption
Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1
CVE-2023-42557
6.7 - Medium
- December 05, 2023
Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.
Memory Corruption
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1
CVE-2023-42556
5.5 - Medium
- December 05, 2023
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1
CVE-2023-42570
3.3 - Low
- December 05, 2023
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1
CVE-2023-42569
3.3 - Low
- December 05, 2023
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
AuthZ
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1
CVE-2023-42538
7.8 - High
- November 07, 2023
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
Out-of-bounds Read
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1
CVE-2023-42537
7.8 - High
- November 07, 2023
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
Out-of-bounds Read
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1
CVE-2023-42536
7.8 - High
- November 07, 2023
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
Out-of-bounds Read
Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1
CVE-2023-42535
7.8 - High
- November 07, 2023
Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1
CVE-2023-42534
5.5 - Medium
- November 07, 2023
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
Files or Directories Accessible to External Parties
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1
CVE-2023-42533
6.8 - Medium
- November 07, 2023
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1
CVE-2023-42532
7.5 - High
- November 07, 2023
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.
Improper Certificate Validation
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1
CVE-2023-42531
7.1 - High
- November 07, 2023
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.
authentification
Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1
CVE-2023-42530
7.5 - High
- November 07, 2023
Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.
Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1
CVE-2023-42529
7.8 - High
- November 07, 2023
Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1
CVE-2023-42528
7.8 - High
- November 07, 2023
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1
CVE-2023-42527
5.5 - Medium
- November 07, 2023
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.
Improper Input Validation
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1
CVE-2023-30739
7.8 - High
- November 07, 2023
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1
CVE-2023-30733
7.8 - High
- October 04, 2023
Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.
Memory Corruption
Improper access control in system property prior to SMR Oct-2023 Release 1
CVE-2023-30732
3.3 - Low
- October 04, 2023
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application
CVE-2023-30731
4.6 - Medium
- October 04, 2023
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1
CVE-2023-30727
7.5 - High
- October 04, 2023
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.
Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1
CVE-2023-30692
7.8 - High
- October 04, 2023
Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1
CVE-2023-30690
7.8 - High
- October 04, 2023
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1
CVE-2023-30721
4.4 - Medium
- September 06, 2023
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.
Insertion of Sensitive Information into Log File
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1
CVE-2023-30720
5.5 - Medium
- September 06, 2023
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1
CVE-2023-30719
3.3 - Low
- September 06, 2023
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1
CVE-2023-30717
3.3 - Low
- September 06, 2023
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1
CVE-2023-30716
5.5 - Medium
- September 06, 2023
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1
CVE-2023-30715
3.3 - Low
- September 06, 2023
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1
CVE-2023-30714
4.6 - Medium
- September 06, 2023
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1
CVE-2023-30713
5.5 - Medium
- September 06, 2023
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.
Improper Privilege Management
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1
CVE-2023-30712
7.8 - High
- September 06, 2023
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.
Improper Input Validation
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1
CVE-2023-30711
3.3 - Low
- September 06, 2023
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1
CVE-2023-30710
7.8 - High
- September 06, 2023
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1
CVE-2023-30709
6.7 - Medium
- September 06, 2023
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1
CVE-2023-30708
7.5 - High
- September 06, 2023
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.
authentification
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1
CVE-2023-30707
7.1 - High
- September 06, 2023
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1
CVE-2023-30706
4.9 - Medium
- September 06, 2023
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1
CVE-2023-30718
3.3 - Low
- September 06, 2023
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30688
7.8 - High
- August 10, 2023
Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1
CVE-2023-30680
7.8 - High
- August 10, 2023
Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.
Improper Privilege Management
Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1
CVE-2023-30679
7.8 - High
- August 10, 2023
Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.
Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30687
7.8 - High
- August 10, 2023
Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30686
7.8 - High
- August 10, 2023
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30685
3.3 - Low
- August 10, 2023
Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.
Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30684
3.3 - Low
- August 10, 2023
Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.
Improper access control in Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30683
3.3 - Low
- August 10, 2023
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.
Improper access control in Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30682
3.3 - Low
- August 10, 2023
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1
CVE-2023-30681
7.8 - High
- August 10, 2023
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
Memory Corruption
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1
CVE-2023-30701
5.5 - Medium
- August 10, 2023
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1
CVE-2023-30700
3.3 - Low
- August 10, 2023
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1
CVE-2023-30699
9.8 - Critical
- August 10, 2023
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.
Memory Corruption
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1
CVE-2023-30698
5.5 - Medium
- August 10, 2023
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.
An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30697
7.8 - High
- August 10, 2023
An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
Memory Corruption
An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30696
7.8 - High
- August 10, 2023
An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
Memory Corruption
Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30694
7.8 - High
- August 10, 2023
Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30693
7.8 - High
- August 10, 2023
Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1
CVE-2023-30691
7.8 - High
- August 10, 2023
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.
Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30689
7.8 - High
- August 10, 2023
Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1
CVE-2023-30654
5.5 - Medium
- August 10, 2023
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.
Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1
CVE-2023-30664
7.8 - High
- July 06, 2023
Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30663
7.8 - High
- July 06, 2023
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
Improper Input Validation
Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1
CVE-2023-30662
5.5 - Medium
- July 06, 2023
Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1
CVE-2023-30661
5.5 - Medium
- July 06, 2023
Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1
CVE-2023-30660
5.5 - Medium
- July 06, 2023
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1
CVE-2023-30659
7.8 - High
- July 06, 2023
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1
CVE-2023-30658
7.8 - High
- July 06, 2023
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1
CVE-2023-30657
7.8 - High
- July 06, 2023
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1
CVE-2023-30656
7.8 - High
- July 06, 2023
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.
Improper Input Validation
Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1
CVE-2023-30655
7.8 - High
- July 06, 2023
Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30653
7.8 - High
- July 06, 2023
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30652
7.8 - High
- July 06, 2023
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30651
7.8 - High
- July 06, 2023
Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30650
7.8 - High
- July 06, 2023
Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Samsung Android or by Samsung? Click the Watch button to subscribe.