Samsung Android
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Samsung Android.
EOL Dates
Ensure that you are using a supported version of Samsung Android. Here are some end of life, and end of support dates for Samsung Android.
Release | EOL Date | Status |
---|---|---|
16 | - |
Active
|
15 | - |
Active
|
14 | - |
Active
|
13 | - |
Active
|
12.1 | March 3, 2025 |
EOL
Samsung Android 12.1 became EOL in 2025. |
12 | March 3, 2025 |
EOL
Samsung Android 12 became EOL in 2025. |
11 | February 5, 2024 |
EOL
Samsung Android 11 became EOL in 2024. |
10 | March 6, 2023 |
EOL
Samsung Android 10 became EOL in 2023. |
9 | January 1, 2022 |
EOL
Samsung Android 9 became EOL in 2022. |
8.1 | January 10, 2021 |
EOL
Samsung Android 8.1 became EOL in 2021. |
8.0 | January 1, 2021 |
EOL
Samsung Android 8.0 became EOL in 2021. |
7.1 | October 1, 2019 |
EOL
Samsung Android 7.1 became EOL in 2019. |
7.0 | October 1, 2019 |
EOL
Samsung Android 7.0 became EOL in 2019. |
6.0 | August 1, 2018 |
EOL
Samsung Android 6.0 became EOL in 2018. |
5.1 | March 1, 2018 |
EOL
Samsung Android 5.1 became EOL in 2018. |
5.0 | March 1, 2018 |
EOL
Samsung Android 5.0 became EOL in 2018. |
4.4w | October 1, 2017 |
EOL
Samsung Android 4.4w became EOL in 2017. |
4.4 | October 1, 2017 |
EOL
Samsung Android 4.4 became EOL in 2017. |
4.3 | - |
Active
|
4.2 | - |
Active
|
By the Year
In 2025 there have been 39 vulnerabilities in Samsung Android with an average score of 5.8 out of ten. Last year, in 2024 Android had 141 security vulnerabilities published. Right now, Android is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.23
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 39 | 5.79 |
2024 | 141 | 6.02 |
2023 | 154 | 6.24 |
2022 | 0 | 0.00 |
2021 | 9 | 6.28 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Android Security Vulnerabilities
Improper access control in isemtelephony prior to Android 15
CVE-2025-21005
- July 08, 2025
Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.
Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15
CVE-2025-21006
7.8 - High
- July 08, 2025
Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.
Memory Corruption
Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15
CVE-2025-21007
- July 08, 2025
Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
Memory Corruption
Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1
CVE-2025-20982
6.7 - Medium
- July 08, 2025
Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Memory Corruption
Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1
CVE-2025-20983
6.7 - Medium
- July 08, 2025
Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Memory Corruption
Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1
CVE-2025-20999
2.1 - Low
- July 08, 2025
Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.
AuthZ
Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1
CVE-2025-21000
3.3 - Low
- July 08, 2025
Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth.
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1
CVE-2025-21001
5.5 - Medium
- July 08, 2025
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast.
Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15
CVE-2025-21008
- July 08, 2025
Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
Out-of-bounds Read
Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15
CVE-2025-21009
- July 08, 2025
Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
Out-of-bounds Read
Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1
CVE-2025-20955
5.5 - Medium
- May 07, 2025
Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1
CVE-2025-20957
7.8 - High
- May 07, 2025
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.
Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1
CVE-2025-20958
4.4 - Medium
- May 07, 2025
Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.
Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1
CVE-2025-20959
5.5 - Medium
- May 07, 2025
Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1
CVE-2025-20960
3.3 - Low
- May 07, 2025
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.
Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1
CVE-2025-20961
5.5 - Medium
- May 07, 2025
Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.
Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1
CVE-2025-20962
4 - Medium
- May 07, 2025
Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.
Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1
CVE-2025-20963
7.8 - High
- May 07, 2025
Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
Memory Corruption
Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1
CVE-2025-20964
7.8 - High
- May 07, 2025
Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
Memory Corruption
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1
CVE-2025-20937
6.7 - Medium
- May 07, 2025
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Memory Corruption
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1
CVE-2025-20953
4.4 - Medium
- May 07, 2025
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1
CVE-2025-20954
5.5 - Medium
- May 07, 2025
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1
CVE-2025-20934
5.5 - Medium
- April 08, 2025
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command
CVE-2025-20892
5.9 - Medium
- February 04, 2025
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1
CVE-2025-20907
4.4 - Medium
- February 04, 2025
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1
CVE-2025-20905
6.7 - Medium
- February 04, 2025
Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.
Out-of-bounds Read
Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1
CVE-2025-20904
6.7 - Medium
- February 04, 2025
Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
Memory Corruption
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1
CVE-2025-20893
5.1 - Medium
- February 04, 2025
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20891
5.5 - Medium
- February 04, 2025
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Out-of-bounds Read
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20890
7.8 - High
- February 04, 2025
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20889
5.5 - Medium
- February 04, 2025
Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20887
5.5 - Medium
- February 04, 2025
Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
Out-of-bounds Read
Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20888
7.8 - High
- February 04, 2025
Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20881
7.8 - High
- February 04, 2025
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1
CVE-2025-20882
7.8 - High
- February 04, 2025
Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
Memory Corruption
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1
CVE-2025-20883
4.6 - Medium
- February 04, 2025
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1
CVE-2025-20884
4.6 - Medium
- February 04, 2025
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1
CVE-2025-20885
6.7 - Medium
- February 04, 2025
Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
Memory Corruption
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1
CVE-2025-20886
4.4 - Medium
- February 04, 2025
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
Insecure Storage of Sensitive Information
Samsung libswmfextractor.so Out-of-Bounds Write Vulnerability
CVE-2024-49410
7.8 - High
- December 03, 2024
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
ThemeCenter Path Traversal Vulnerability
CVE-2024-49411
4.6 - Medium
- December 03, 2024
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
Directory traversal
SmartSwitch: Improper Verification of Cryptographic Signature Vulnerability
CVE-2024-49413
7.8 - High
- December 03, 2024
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
Improper Verification of Cryptographic Signature
Samsung Dex Mode Authentication Bypass Vulnerability
CVE-2024-49414
2.4 - Low
- December 03, 2024
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
Samsung libsaped.so Out-of-Bounds Write Remote Code Execution Vulnerability
CVE-2024-49415
9.8 - Critical
- December 03, 2024
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
Memory Corruption
System UI Sensitive Info Leak in Samsung SMR
CVE-2024-34677
3.3 - Low
- November 06, 2024
Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
Insecure Storage of Sensitive Information
Samsung libsapeextractor OOB Write
CVE-2024-34678
7.8 - High
- November 06, 2024
Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
Memory Corruption
Crane Privilege Escalation via Default Permissions
CVE-2024-34679
7.1 - High
- November 06, 2024
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
Incorrect Default Permissions
WlanTest Implicit Intent Info Leak
CVE-2024-34680
5.5 - Medium
- November 06, 2024
Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
Samsung Settings Suggestion Privilege Escalation
CVE-2024-49401
7.1 - High
- November 06, 2024
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
Dressroom Profile Data Leak via Input Validation Flaw
CVE-2024-49402
4.6 - Medium
- November 06, 2024
Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Samsung Android or by Samsung? Click the Watch button to subscribe.
