Samsung Mobile Devices
By the Year
In 2026 there have been 19 vulnerabilities in Samsung Mobile Devices, with an average score of 5.3 out of ten. Last year, in 2025, Samsung Mobile Devices had 29 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Samsung Mobile Devices in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.30.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 19 | 5.30 |
| 2025 | 29 | 5.60 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 4.40 |
| 2022 | 1 | 5.00 |
| 2021 | 9 | 5.81 |
It may take a day or so for new Samsung Mobile Devices vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Samsung Mobile Devices Security Vulnerabilities
Samsung Settings: Improper Auth Allows Local Disable of Background Data
CVE-2026-20992
- March 16, 2026
Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.
CVE-2026-20991: Samsung ThemeManager Privilege Mgt Lets Trial Content Reuse
CVE-2026-20991
- March 16, 2026
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.
Android Secure Folder Improper Export Launches Arbitrary Activity
CVE-2026-20990
- March 16, 2026
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.
Improper sig verification in Samsung Mob Font Settings allows physical attacks
CVE-2026-20989
- March 16, 2026
Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.
Android Settings: Improper Intent Verification by Broadcast Receiver
CVE-2026-20988
- March 16, 2026
Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.
Samsung Dialer local privilege escalation via exported activity (CVE-2026-20983)
CVE-2026-20983
- February 04, 2026
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.
Local Path Traversal in Windows ShortcutService Privileged File Creation
CVE-2026-20982
- February 04, 2026
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.
FacAtFunction Input Validation flaw allows system privilege exec
CVE-2026-20981
- February 04, 2026
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege.
Improper Input Validation in PACM Enables Physical Command Execution
CVE-2026-20980
- February 04, 2026
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands.
Android Settings Privilege Escalation via Improper Priv Management
CVE-2026-20979
- February 04, 2026
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.
CVE-2026-20978: Improper Auth in Samsung KnoxGuardManager persistence Bypass
CVE-2026-20978
- February 04, 2026
Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
Improper Access Control in Emergency Sharing (local attacker interruption)
CVE-2026-20977
- February 04, 2026
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.
Samsung Mobile SMR Jan-2026 Input Validation Bypass of Carrier Relock
CVE-2026-20974
- January 09, 2026
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
Samsung Mobile libimagecodec.quram.so OOB Read Vulnerability
CVE-2026-20973
5.3 - Medium
- January 09, 2026
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
Samsung UwbTest Improper Export Enables Local UWB
CVE-2026-20972
- January 09, 2026
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
Use-After-Free in Samsung PROCA Driver Enables Local Code Execution
CVE-2026-20971
- January 09, 2026
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
Samsung SLocation Improper ACL Enables Privileged API Exec
CVE-2026-20970
- January 09, 2026
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
Samsung SecSettings Local Priv Escalation via Input Validation
CVE-2026-20969
- January 09, 2026
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
DualDAR Use-After-Free Exploit, Local Privilege Escalation
CVE-2026-20968
- January 09, 2026
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Heap Overflow in libimagecodec.quram.so (CVE-2025-58480)
CVE-2025-58480
4.3 - Medium
- December 02, 2025
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Qualcomm libimagecodec.quram.so OOB Read Remote
CVE-2025-58479
4.3 - Medium
- December 02, 2025
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Out-of-bounds write in libimagecodec.quram.so allows remote memory access
CVE-2025-58478
4.3 - Medium
- December 02, 2025
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
libimagecodec.quram.so OOB Write in IFD Tag Parsing
CVE-2025-58477
4.3 - Medium
- December 02, 2025
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Out-of-Bounds Read in Bootloader (CVE-2025-58476)
CVE-2025-58476
4.2 - Medium
- December 02, 2025
Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
Android: libsec-ril.so OOB Write via Input Validation
CVE-2025-58475
5.6 - Medium
- December 02, 2025
Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-21080: Improper Export of Android Dynamic Lockscreen Enables Local Access
CVE-2025-21080
6.2 - Medium
- December 02, 2025
Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.
Fingerprint Trustlet OOB Write in Metadata Decoding (CVE-2025-21072)
CVE-2025-21072
5.7 - Medium
- December 02, 2025
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
OOB write in libimagecodec.quram.so (Qualcomm) permits remote memory access
CVE-2025-21075
4.3 - Medium
- November 05, 2025
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Out-of-bounds read in Qualcomm libimagecodec.quram.so (CVE-2025-21074)
CVE-2025-21074
4.3 - Medium
- November 05, 2025
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Samsung SMR 1.0: USB Default Config Enables Physical Data Access
CVE-2025-21073
6.8 - Medium
- November 05, 2025
Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.
OOB write in Fingerprint Trustlet (SMR Nov2025) local privileged
CVE-2025-21071
5.7 - Medium
- November 05, 2025
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Android SystemUI 15: Improper Access Control in Routines (CVE-2025-21058)
CVE-2025-21058
7.3 - High
- October 10, 2025
Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege.
Out-of-bounds Read/Write in libimagecodec.quram.so Remote Memory Access
CVE-2025-21055
4.3 - Medium
- October 10, 2025
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.
OOB read in libpadm.so JPEG header parsing
CVE-2025-21054
4 - Medium
- October 10, 2025
Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory.
CVE-2025-21053: OOB Write in libpadm JPEG Decoding
CVE-2025-21053
4 - Medium
- October 10, 2025
Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
Local OOB Write in libpadm.so JPEG Decoding (CVE-2025-21052)
CVE-2025-21052
4 - Medium
- October 10, 2025
Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
Relative Path Traversal in Samsung Knox Enterprise Enables Local Code Execution
CVE-2025-21048
6.7 - Medium
- October 10, 2025
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.
CVE-2025-21047: Improper Access Control in KnoxGuard Allows Physical Prv API Use
CVE-2025-21047
5.2 - Medium
- October 10, 2025
Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.
Samsung DeX WindowManager Improper Access Control Enables Recent App Access
CVE-2025-21046
2.4 - Low
- October 10, 2025
Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access the recent app list.
Galaxy Watch insecure storage of sensitive data (CVE-2025-21045)
CVE-2025-21045
4 - Medium
- October 10, 2025
Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.
Android Fingerprint Trustlet OOB Write in SMR Oct-2025
CVE-2025-21044
5.7 - Medium
- October 10, 2025
Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Remote OOB Write in libimagecodec.quram.so Enables RCE
CVE-2025-21043
8.8 - High
- September 12, 2025
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
Samsung libimagecodec.quram.so OOB write CVE-2025-21042
CVE-2025-21042
8.8 - High
- September 12, 2025
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
OOB write in KnoxVault trustlet (Samsung) enabling local privileged
CVE-2025-20982
6.4 - Medium
- July 08, 2025
Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
OOB Write in KnoxVault Trustlet (Android)
CVE-2025-20983
6.4 - Medium
- July 08, 2025
Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Android Keymaster trustlet OOB write enables local privileged writes
CVE-2025-20937
6.7 - Medium
- May 07, 2025
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
Local Privilege Escalation via Improper Access Control in Qualcomm HDCP Trustlet
CVE-2025-20936
8.8 - High
- April 08, 2025
Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.
Galaxy Watch BT Pairing Local Attack - Improper Exception Handling
CVE-2025-20946
8.8 - High
- April 08, 2025
Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction.
Linux Kernel Pointer Leak in Logs Enables ASLR Bypass
CVE-2023-21492
4.4 - Medium
- May 04, 2023
Kernel pointers printed in the log file prior to SMR May-2023 Release 1 allow a privileged local attacker to bypass ASLR.
Insertion of Sensitive Information into Log File
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1
CVE-2022-22265
5 - Medium
- January 10, 2022
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
Improper Check or Handling of Exceptional Conditions