CVE-2017-18658

An issue was discovered on Samsung mobile devices with M6.0 software. The multiwindowfacade API allows attackers to cause a NullPointerException and system halt via an attempted screen touch of a non-existing display. The Samsung ID is SVE-2017-9383 August 2017...

EUVD-2017-9753

Malware in sbrugna...

CVE-2018-21077

An issue was discovered on Samsung mobile devices with M6.0, N7.x, and O8.x software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 April 2018...

CVE-2018-21054

An issue was discovered on Samsung mobile devices with M6.0, N7.x and O8.x except exynos9610/9820 in all Platforms, M6.0 except MSM8909 SC77xx/9830 exynos3470/5420, N7.0 except MSM8939, N7.1 except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in...

CVE-2018-21067

No concrete technical details (affected product/component, root cause, versions, or fix) are provided across the connected documents for CVE-2018-21067. The sources only repeat the generic Samsung Trustlet information disclosure description. Monitor for updates.

CVE-2018-21071

An issue was discovered on Samsung mobile devices with M6.0 software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 May 2018...

Race condition

An issue was discovered on Samsung mobile devices with L5.1, M6.0, and N7.x software. There is a race condition with a resultant read-after-free issue in getkek. The Samsung ID is SVE-2017-11174 February 2018...

CVE-2018-21085

CVE-2018-21085 affects Samsung mobile devices running L(5.x), M(6.0), and N(7.x) with a race condition leading to use-after-free in the vnswap_deinit_backing_storage path. The issue is documented under Samsung’s SVE-2017-11176 identity; no remediation details are provided in the connected sources...

CVE-2017-18688

An issue was discovered on Samsung mobile devices with L5.1, M6.0, and N7.0 software. There is an information disclosure of memory locations outside a buffer via /dev/dsmctrldev. The Samsung ID is SVE-2016-7340 January 2017...

CVE-2017-18679

An issue was discovered on Samsung mobile devices with M6.0 software. SLocation can cause a system crash via a call to an API that is not implemented. The Samsung ID is SVE-2017-8285 April 2017...

CVE-2017-18668

An issue was discovered on Samsung mobile devices with M6.0 software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 June 2017...

CVE-2017-18665

An issue was discovered on Samsung mobile devices with M6.0 software. There is a NULL pointer exception in WifiService via adb-cmd, causing memory corruption. The Samsung ID is SVE-2017-8287 June 2017...

CVE-2017-18658

An issue was discovered on Samsung mobile devices with M6.0 software. The multiwindowfacade API allows attackers to cause a NullPointerException and system halt via an attempted screen touch of a non-existing display. The Samsung ID is SVE-2017-9383 August 2017...

CVE-2017-18660

An issue was discovered on Samsung mobile devices with M6.0 and N7.x software. There is a buffer overflow in tlcserver. The Samsung ID is SVE-2017-8888 July 2017...

CVE-2017-18656

An issue was discovered on Samsung mobile devices with M6.0 and N7.x software. There is a buffer over-read in a trustlet. The Samsung ID is SVE-2017-8890 August 2017...

Code injection

An issue was discovered on Samsung mobile devices with M6.0 software. Attackers can prevent users from making outbound calls and sending outbound text messages. The Samsung ID is SVE-2017-8706 June 2017...

Buffer overflow

An issue was discovered on Samsung mobile devices with M6.0 and N7.x software. There is a buffer overflow in processciphertdea. The Samsung ID is SVE-2017-8973 July 2017...

Null pointer dereference

An issue was discovered on Samsung mobile devices with M6.0 software. There is a NULL pointer exception in WifiService via adb-cmd, causing memory corruption. The Samsung ID is SVE-2017-8287 June 2017...

Code injection

An issue was discovered on Samsung mobile devices with L5.0/5.1 and M6.0 software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 February 2017...

Code injection

An issue was discovered on Samsung mobile devices with L5.0/5.1 and M6.0 software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 February 2017...