Samsung Mobile Devices Security Vulnerabilities

CVE-2024-20864

Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system...

CVE-2024-20865

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary...

CVE-2024-20863

Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary...

CVE-2024-20862

Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary...

CVE-2024-20866

Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation...

CVE-2024-20859

Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without...

CVE-2024-20860

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper...

CVE-2024-20856

Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific...

CVE-2024-20858

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current...

CVE-2024-20861

Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory...

CVE-2024-20857

Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current...

CVE-2024-20821

A vulnerability possible to reconfigure OTP allows local attackers to transit RMA(Return Merchandise Authorization) mode, which disables security features. This attack needs additional privilege to control...

CVE-2024-20855

Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a...

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary...

CVE-2024-20847

Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard...

CVE-2024-20849

Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary...

CVE-2024-20848

Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds...

CVE-2024-20843

Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary...

CVE-2024-20844

Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary...

CVE-2024-20845

Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary...

CVE-2024-20842

Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds...

CVE-2024-20833

Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory...

CVE-2024-20835

Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged...

CVE-2024-20836

Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds...

CVE-2024-20834

The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper...

CVE-2024-20832

Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary...

CVE-2024-20830

Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock...

CVE-2024-20831

Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary...

CVE-2023-52432

Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds...

CVE-2024-20819

Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer...

CVE-2024-20820

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds...

CVE-2024-20817

Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer...

CVE-2024-20818

Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer...

CVE-2024-20813

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary...

CVE-2024-20812

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary...

CVE-2024-20816

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user...

CVE-2024-20814

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized...

CVE-2024-20815

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user...

CVE-2024-20811

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure...

CVE-2024-20810

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive...

CVE-2024-20802

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user...

CVE-2024-20803

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user...

CVE-2024-20806

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification...

CVE-2024-20804

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary...

CVE-2024-20805

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary...

CVE-2023-42570

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM...

CVE-2023-42568

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system...

CVE-2023-42569

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR...

CVE-2023-42564

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system...

CVE-2023-42562

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap...