Android Samsung Android

Do you want an email whenever new security vulnerabilities are reported in Samsung Android?

By the Year

In 2024 there have been 15 vulnerabilities in Samsung Android with an average score of 6.3 out of ten. Last year Android had 154 security vulnerabilities published. Right now, Android is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.04.

Year Vulnerabilities Average Score
2024 15 6.28
2023 154 6.24
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Samsung Android Security Vulnerabilities

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1

CVE-2024-20812 7.8 - High - February 06, 2024

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1

CVE-2024-20811 3.3 - Low - February 06, 2024

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1

CVE-2024-20810 3.3 - Low - February 06, 2024

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information.

Clickjacking

Improper input validation in bootloader prior to SMR Feb-2024 Release 1

CVE-2024-20820 7.1 - High - February 06, 2024

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read.

Out-of-bounds Read

Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1

CVE-2024-20819 7.8 - High - February 06, 2024

Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

Memory Corruption

Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1

CVE-2024-20818 7.8 - High - February 06, 2024

Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

Memory Corruption

Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1

CVE-2024-20817 7.8 - High - February 06, 2024

Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

Memory Corruption

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1

CVE-2024-20816 6.5 - Medium - February 06, 2024

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.

authentification

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1

CVE-2024-20815 6.5 - Medium - February 06, 2024

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.

authentification

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1

CVE-2024-20814 5.5 - Medium - February 06, 2024

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows attacker access unauthorized information.

Out-of-bounds Read

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1

CVE-2024-20813 7.8 - High - February 06, 2024

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper access control in Notification service prior to SMR Jan-2024 Release 1

CVE-2024-20806 5.5 - Medium - January 04, 2024

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13

CVE-2024-20805 5.5 - Medium - January 04, 2024

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.

Directory traversal

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13

CVE-2024-20804 5.5 - Medium - January 04, 2024

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.

Directory traversal

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1

CVE-2024-20803 6.5 - Medium - January 04, 2024

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.

authentification

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1

CVE-2023-42568 4.4 - Medium - December 05, 2023

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.

Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1

CVE-2023-42567 7.8 - High - December 05, 2023

Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.

Memory Corruption

Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1

CVE-2023-42566 7.8 - High - December 05, 2023

Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1

CVE-2023-42565 6.7 - Medium - December 05, 2023

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1

CVE-2023-42564 5.5 - Medium - December 05, 2023

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.

Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1

CVE-2023-42563 7.8 - High - December 05, 2023

Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.

Integer Overflow or Wraparound

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1

CVE-2023-42562 7.8 - High - December 05, 2023

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.

Integer Overflow or Wraparound

Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1

CVE-2023-42561 6.8 - Medium - December 05, 2023

Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.

Memory Corruption

Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1

CVE-2023-42560 7.8 - High - December 05, 2023

Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.

Memory Corruption

Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1

CVE-2023-42559 5.2 - Medium - December 05, 2023

Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.

Improper Handling of Exceptional Conditions

Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1

CVE-2023-42558 7.8 - High - December 05, 2023

Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.

Memory Corruption

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1

CVE-2023-42557 6.7 - Medium - December 05, 2023

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.

Memory Corruption

Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1

CVE-2023-42556 5.5 - Medium - December 05, 2023

Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1

CVE-2023-42570 3.3 - Low - December 05, 2023

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1

CVE-2023-42569 3.3 - Low - December 05, 2023

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.

AuthZ

An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1

CVE-2023-42538 7.8 - High - November 07, 2023

An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

Out-of-bounds Read

An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1

CVE-2023-42537 7.8 - High - November 07, 2023

An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

Out-of-bounds Read

An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1

CVE-2023-42536 7.8 - High - November 07, 2023

An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

Out-of-bounds Read

Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1

CVE-2023-42535 7.8 - High - November 07, 2023

Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1

CVE-2023-42534 5.5 - Medium - November 07, 2023

Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.

Files or Directories Accessible to External Parties

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1

CVE-2023-42533 6.8 - Medium - November 07, 2023

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.

Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1

CVE-2023-42532 7.5 - High - November 07, 2023

Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.

Improper Certificate Validation

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1

CVE-2023-42531 7.1 - High - November 07, 2023

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.

authentification

Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1

CVE-2023-42530 7.5 - High - November 07, 2023

Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.

Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1

CVE-2023-42529 7.8 - High - November 07, 2023

Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1

CVE-2023-42528 7.8 - High - November 07, 2023

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1

CVE-2023-42527 5.5 - Medium - November 07, 2023

Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.

Improper Input Validation

Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1

CVE-2023-30739 7.8 - High - November 07, 2023

Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1

CVE-2023-30733 7.8 - High - October 04, 2023

Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.

Memory Corruption

Improper access control in system property prior to SMR Oct-2023 Release 1

CVE-2023-30732 3.3 - Low - October 04, 2023

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.

Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application

CVE-2023-30731 4.6 - Medium - October 04, 2023

Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.

Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1

CVE-2023-30727 7.5 - High - October 04, 2023

Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1

CVE-2023-30692 7.8 - High - October 04, 2023

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.

Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1

CVE-2023-30690 7.8 - High - October 04, 2023

Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1

CVE-2023-30721 4.4 - Medium - September 06, 2023

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.

Insertion of Sensitive Information into Log File

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1

CVE-2023-30720 5.5 - Medium - September 06, 2023

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1

CVE-2023-30719 3.3 - Low - September 06, 2023

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.

Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1

CVE-2023-30717 3.3 - Low - September 06, 2023

Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.

Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1

CVE-2023-30716 5.5 - Medium - September 06, 2023

Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1

CVE-2023-30715 3.3 - Low - September 06, 2023

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.

Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1

CVE-2023-30714 4.6 - Medium - September 06, 2023

Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1

CVE-2023-30713 5.5 - Medium - September 06, 2023

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.

Improper Privilege Management

Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1

CVE-2023-30712 7.8 - High - September 06, 2023

Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.

Improper Input Validation

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1

CVE-2023-30711 3.3 - Low - September 06, 2023

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.

Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1

CVE-2023-30710 7.8 - High - September 06, 2023

Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.

Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1

CVE-2023-30709 6.7 - Medium - September 06, 2023

Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.

Improper authentication in SecSettings prior to SMR Sep-2023 Release 1

CVE-2023-30708 7.5 - High - September 06, 2023

Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.

authentification

Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1

CVE-2023-30707 7.1 - High - September 06, 2023

Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1

CVE-2023-30706 4.9 - Medium - September 06, 2023

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.

Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1

CVE-2023-30718 3.3 - Low - September 06, 2023

Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.

Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30688 7.8 - High - August 10, 2023

Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1

CVE-2023-30680 7.8 - High - August 10, 2023

Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.

Improper Privilege Management

Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1

CVE-2023-30679 7.8 - High - August 10, 2023

Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.

Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30687 7.8 - High - August 10, 2023

Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30686 7.8 - High - August 10, 2023

Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1

CVE-2023-30685 3.3 - Low - August 10, 2023

Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1

CVE-2023-30684 3.3 - Low - August 10, 2023

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.

Improper access control in Telecom prior to SMR Aug-2023 Release 1

CVE-2023-30683 3.3 - Low - August 10, 2023

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.

Improper access control in Telecom prior to SMR Aug-2023 Release 1

CVE-2023-30682 3.3 - Low - August 10, 2023

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.

An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1

CVE-2023-30681 7.8 - High - August 10, 2023

An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

Memory Corruption

PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1

CVE-2023-30701 5.5 - Medium - August 10, 2023

PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.

PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1

CVE-2023-30700 3.3 - Low - August 10, 2023

PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.

Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1

CVE-2023-30699 9.8 - Critical - August 10, 2023

Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.

Memory Corruption

Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1

CVE-2023-30698 5.5 - Medium - August 10, 2023

Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.

An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30697 7.8 - High - August 10, 2023

An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

Memory Corruption

An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30696 7.8 - High - August 10, 2023

An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

Memory Corruption

Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30694 7.8 - High - August 10, 2023

Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30693 7.8 - High - August 10, 2023

Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1

CVE-2023-30691 7.8 - High - August 10, 2023

Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.

Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1

CVE-2023-30689 7.8 - High - August 10, 2023

Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1

CVE-2023-30654 5.5 - Medium - August 10, 2023

Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.

Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1

CVE-2023-30664 7.8 - High - July 06, 2023

Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1

CVE-2023-30663 7.8 - High - July 06, 2023

Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

Improper Input Validation

Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1

CVE-2023-30662 5.5 - Medium - July 06, 2023

Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1

CVE-2023-30661 5.5 - Medium - July 06, 2023

Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1

CVE-2023-30660 5.5 - Medium - July 06, 2023

Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1

CVE-2023-30659 7.8 - High - July 06, 2023

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1

CVE-2023-30658 7.8 - High - July 06, 2023

Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1

CVE-2023-30657 7.8 - High - July 06, 2023

Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1

CVE-2023-30656 7.8 - High - July 06, 2023

Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1

CVE-2023-30655 7.8 - High - July 06, 2023

Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1

CVE-2023-30653 7.8 - High - July 06, 2023

Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1

CVE-2023-30652 7.8 - High - July 06, 2023

Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1

CVE-2023-30651 7.8 - High - July 06, 2023

Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1

CVE-2023-30650 7.8 - High - July 06, 2023

Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Samsung Android or by Samsung? Click the Watch button to subscribe.

Samsung
Vendor

subscribe