Samsung Security Vulnerabilities

CVE-2021-25480

A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001

2021-10-06 06:15 PM

CVE-2021-25481

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP...

CVSS 6.7 | AI Score 6.3 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25486

Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker to detect device information via analyzing packet in...

CVSS 3.3 | AI Score 4 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25468

A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory...

CVSS 4.4 | AI Score 4.7 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25471

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001

2021-10-06 06:15 PM

CVE-2021-25467

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allow privilege escalation to Root by hijacking loaded...

CVSS 6.7 | AI Score 6.9 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25470

An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise...

CVSS 7.9 | AI Score 7.6 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25472

An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth...

CVSS 4 | AI Score 4.1 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25473

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory...

CVSS 4.4 | AI Score 4.7 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25469

A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code...

CVSS 6.7 | AI Score 7 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25475

A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code...

CVSS 6.7 | AI Score 6.9 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25474

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory...

CVSS 4.4 | AI Score 4.8 | EPSS 0.0004

2021-10-06 06:15 PM

CVE-2021-25461

An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer...

CVSS 7.8 | AI Score 7.5 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25464

An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information...

CVSS 5.5 | AI Score 5.3 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25465

An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle...

CVSS 7 | AI Score 6.8 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25462

NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory...

CVSS 5.5 | AI Score 5.4 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25466

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account...

CVSS 6.5 | AI Score 5.7 | EPSS 0.001

2021-09-09 07:15 PM

CVE-2021-25453

Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth...

CVSS 5.5 | AI Score 5.5 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25455

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi...

CVSS 3.3 | AI Score 4.2 | EPSS 0.0005

2021-09-09 07:15 PM

CVE-2021-25458

NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory...

CVSS 5.5 | AI Score 5.4 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25460

An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate...

CVSS 5.5 | AI Score 5.4 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25454

OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac...

CVSS 5.5 | AI Score 5.6 | EPSS 0.0005

2021-09-09 07:15 PM

CVE-2021-25456

OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf...

CVSS 5.5 | AI Score 5.6 | EPSS 0.0005

2021-09-09 07:15 PM

CVE-2021-25457

An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory...

CVSS 5.9 | AI Score 3.9 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25459

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start...

CVSS 5.5 | AI Score 5.4 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25452

An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the...

CVSS 5.5 | AI Score 5.5 | EPSS 0.0004

2021-09-09 07:15 PM

CVE-2021-25451

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI...

CVSS 3.3 | AI Score 4.1 | EPSS 0.0005

2021-09-09 07:15 PM

CVE-2021-25450

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote...

CVSS 6.5 | AI Score 6.5 | EPSS 0.0005

2021-09-09 07:15 PM

CVE-2021-25449

An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor...

CVSS 9.8 | AI Score 9.6 | EPSS 0.001

2021-09-09 07:15 PM

CVE-2021-25443

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an...

CVSS 5.3 | AI Score 5.3 | EPSS 0.0004

2021-08-05 08:15 PM

CVE-2021-25444

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged...

CVSS 5.5 | AI Score 5.9 | EPSS 0.0004

2021-08-05 08:15 PM

CVE-2021-25445

Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001

2021-08-05 08:15 PM

CVE-2021-25438

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in...

CVSS 7.8 | AI Score 7.3 | EPSS 0.0004

2021-07-08 02:15 PM

CVE-2021-25432

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat...

CVSS 3.3 | AI Score 4.1 | EPSS 0.0004

2021-07-08 02:15 PM

CVE-2021-25426

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001

2021-07-08 02:15 PM

CVE-2021-25430

Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth...

CVSS 4.3 | AI Score 4.5 | EPSS 0.0005

2021-07-08 02:15 PM

CVE-2021-25439

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in...

CVSS 3.3 | AI Score 4.3 | EPSS 0.0004

2021-07-08 02:15 PM

CVE-2021-25427

SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device...

CVSS 6.5 | AI Score 6.6 | EPSS 0.0005

2021-07-08 02:15 PM

CVE-2021-25429

Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth...

CVSS 4.3 | AI Score 4.5 | EPSS 0.0005

2021-07-08 02:15 PM

CVE-2021-25428

Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited...

CVSS 7.8 | AI Score 7.5 | EPSS 0.0004

2021-07-08 02:15 PM

CVE-2021-25425

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported...

CVSS 5.3 | AI Score 5.1 | EPSS 0.001

2021-06-11 03:15 PM

CVE-2021-25411

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel...

CVSS 4.4 | AI Score 4.5 | EPSS 0.0004

2021-06-11 03:15 PM

CVE-2021-25413

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts...

CVSS 5.5 | AI Score 5.4 | EPSS 0.0004

2021-06-11 03:15 PM

CVE-2021-25414

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts...

CVSS 7.8 | AI Score 7.4 | EPSS 0.0004

2021-06-11 03:15 PM

CVE-2021-25409

Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring...

CVSS 2.4 | AI Score 4.2 | EPSS 0.0005

2021-06-11 03:15 PM

CVE-2021-25415

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as...

CVSS 5.5 | AI Score 5.3 | EPSS 0.0004

2021-06-11 03:15 PM

CVE-2021-25416

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code...

CVSS 6.5 | AI Score 6.3 | EPSS 0.0004

2021-06-11 03:15 PM

CVE-2021-25419

Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phishing URL...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001

2021-06-11 03:15 PM

CVE-2021-25417

Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal...

CVSS 7.5 | AI Score 7.4 | EPSS 0.001

2021-06-11 03:15 PM

CVE-2021-25418

Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific...

CVSS 7.8 | AI Score 7.8 | EPSS 0.0004

2021-06-11 03:15 PM

Total number of security vulnerabilities: 779