Samsung Android

EOL Dates

Ensure that you are using a supported version of Samsung Android. Here are some end-of-life and end-of-support dates for Samsung Android.

Release | EOL Date | Status
16 | - | Active
15 | - | Active
14 | - | Active
13 | - | Active
12.1 | March 3, 2025 | EOL
12 | March 3, 2025 | EOL
11 | February 5, 2024 | EOL
10 | March 6, 2023 | EOL
9 | January 1, 2022 | EOL
8.1 | January 10, 2021 | EOL
8.0 | January 1, 2021 | EOL
7.1 | October 1, 2019 | EOL
7.0 | October 1, 2019 | EOL
6.0 | August 1, 2018 | EOL
5.1 | March 1, 2018 | EOL
5.0 | March 1, 2018 | EOL
4.4w | October 1, 2017 | EOL
4.4 | October 1, 2017 | EOL
4.3 | - | Active
4.2 | - | Active

By the Year

In 2025 there have been 39 vulnerabilities in Samsung Android, with an average score of 5.8 out of ten. Last year, in 2024, Android had 141 security vulnerabilities published. Right now, Android is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.23.

Year Vulnerabilities Average Score
2025 39 5.79
2024 141 6.02
2023 154 6.24
2022 0 0.00
2021 9 6.28
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Samsung Android Security Vulnerabilities

Improper access control in isemtelephony prior to Android 15

CVE-2025-21005 - July 08, 2025

Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information.

Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15

CVE-2025-21006 7.8 - High - July 08, 2025

Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.

Memory Corruption

Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15

CVE-2025-21007 - July 08, 2025

Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Memory Corruption

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1

CVE-2025-20982 6.7 - Medium - July 08, 2025

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Memory Corruption

Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1

CVE-2025-20983 6.7 - Medium - July 08, 2025

Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Memory Corruption

Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1

CVE-2025-20999 2.1 - Low - July 08, 2025

Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.

AuthZ

Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1

CVE-2025-21000 3.3 - Low - July 08, 2025

Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth.

Improper access control in LeAudioService prior to SMR Jul-2025 Release 1

CVE-2025-21001 5.5 - Medium - July 08, 2025

Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast.

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15

CVE-2025-21008 - July 08, 2025

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Out-of-bounds Read

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15

CVE-2025-21009 - July 08, 2025

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Out-of-bounds Read

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1

CVE-2025-20955 5.5 - Medium - May 07, 2025

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1

CVE-2025-20957 7.8 - High - May 07, 2025

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.

Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1

CVE-2025-20958 4.4 - Medium - May 07, 2025

Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.

Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1

CVE-2025-20959 5.5 - Medium - May 07, 2025

Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.

Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1

CVE-2025-20960 3.3 - Low - May 07, 2025

Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged API.

Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1

CVE-2025-20961 5.5 - Medium - May 07, 2025

Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.

Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1

CVE-2025-20962 4 - Medium - May 07, 2025

Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.

Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1

CVE-2025-20963 7.8 - High - May 07, 2025

Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

Memory Corruption

Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1

CVE-2025-20964 7.8 - High - May 07, 2025

Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

Memory Corruption

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1

CVE-2025-20937 6.7 - Medium - May 07, 2025

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Memory Corruption

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1

CVE-2025-20953 4.4 - Medium - May 07, 2025

Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.

Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1

CVE-2025-20954 5.5 - Medium - May 07, 2025

Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1

CVE-2025-20934 5.5 - Medium - April 08, 2025

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to execute fastboot command

CVE-2025-20892 5.9 - Medium - February 04, 2025

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to execute fastboot command. User interaction is required for triggering this vulnerability.

Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1

CVE-2025-20907 4.4 - Medium - February 04, 2025

Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.

Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1

CVE-2025-20905 6.7 - Medium - February 04, 2025

Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.

Out-of-bounds Read

Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1

CVE-2025-20904 6.7 - Medium - February 04, 2025

Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.

Memory Corruption

Improper access control in NotificationManager prior to SMR Jan-2025 Release 1

CVE-2025-20893 5.1 - Medium - February 04, 2025

Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.

Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1

CVE-2025-20891 5.5 - Medium - February 04, 2025

Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

Out-of-bounds Read

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1

CVE-2025-20890 7.8 - High - February 04, 2025

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Memory Corruption

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1

CVE-2025-20889 5.5 - Medium - February 04, 2025

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

Memory Corruption

Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1

CVE-2025-20887 5.5 - Medium - February 04, 2025

Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

Out-of-bounds Read

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1

CVE-2025-20888 7.8 - High - February 04, 2025

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Memory Corruption

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1

CVE-2025-20881 7.8 - High - February 04, 2025

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Memory Corruption

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1

CVE-2025-20882 7.8 - High - February 04, 2025

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Memory Corruption

Improper access control in SoundPicker prior to SMR Jan-2025 Release 1

CVE-2025-20883 4.6 - Medium - February 04, 2025

Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.

Improper access control in Samsung Message prior to SMR Jan-2025 Release 1

CVE-2025-20884 4.6 - Medium - February 04, 2025

Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.

Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1

CVE-2025-20885 6.7 - Medium - February 04, 2025

Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.

Memory Corruption

Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1

CVE-2025-20886 4.4 - Medium - February 04, 2025

Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.

Insecure Storage of Sensitive Information

Samsung libswmfextractor.so Out-of-Bounds Write Vulnerability

CVE-2024-49410 7.8 - High - December 03, 2024

Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

ThemeCenter Path Traversal Vulnerability

CVE-2024-49411 4.6 - Medium - December 03, 2024

Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.

Directory traversal

SmartSwitch: Improper Verification of Cryptographic Signature Vulnerability

CVE-2024-49413 7.8 - High - December 03, 2024

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

Improper Verification of Cryptographic Signature

Samsung Dex Mode Authentication Bypass Vulnerability

CVE-2024-49414 2.4 - Low - December 03, 2024

Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list.

Samsung libsaped.so Out-of-Bounds Write Remote Code Execution Vulnerability

CVE-2024-49415 9.8 - Critical - December 03, 2024

Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

Memory Corruption

System UI Sensitive Info Leak in Samsung SMR

CVE-2024-34677 3.3 - Low - November 06, 2024

Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allows local attackers to make malicious apps appear as legitimate.

Insecure Storage of Sensitive Information

Samsung libsapeextractor OOB Write

CVE-2024-34678 7.8 - High - November 06, 2024

Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.

Memory Corruption

Crane Privilege Escalation via Default Permissions

CVE-2024-34679 7.1 - High - November 06, 2024

Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.

Incorrect Default Permissions

WlanTest Implicit Intent Info Leak

CVE-2024-34680 5.5 - Medium - November 06, 2024

Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.

Samsung Settings Suggestion Privilege Escalation

CVE-2024-49401 7.1 - High - November 06, 2024

Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.

Dressroom Profile Data Leak via Input Validation Flaw

CVE-2024-49402 4.6 - Medium - November 06, 2024

Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
