32 matches found
CVE-2025-21071
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory...
CVE-2025-21074
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-21074
CVE-2025-21074 affects the Quram DNG parser in libimagecodec.quram.so. The root cause is flawed bounds validation on the TrimBounds opcode, leading to out-of-bounds reads on heap-allocated image buffers. Reported impact includes remote crashes, ASLR information leakage, and, per a PacketStorm wri...
CVE-2025-21073
CVE-2025-21073 describes an insecure default configuration in USB connection mode before Samsung SMR Nov-2025 Release 1. This allows a privileged physical attacker to access user data on affected devices. Exploitation requires physical access and user interaction. Impact is data confidentiality l...
PT-2025-45074
Name of the Vulnerable Software and Affected Versions: Quram versions prior to SMR Nov-2025 Release 1 Description: An out-of-bounds read issue exists in libimagecodec.quram.so that could allow remote attackers to access memory outside the intended boundaries. The issue is present in versions prior ...
This Week in Spring - October 28th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's a wonderful Tuesday here in my home town of San Francisco as I write this from my condo's balcony, fresh off more than three weeks on the road. By the time we'll speak again in a week, Halloween will have come and gone...
CVE-2022-39888
Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attackers to access proxy information...
CVE-2024-49402
Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles...
CVE-2024-34678
Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption...
CVE-2024-49401
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities...
CVE-2024-34679
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege...
CVE-2024-34680
Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information...
CVE-2024-34675
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access an unlocked screen...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Nov-2024 Release 1, which stems from Dressroom containing an improper...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Nov-2024 Release 1, which stems from the Modem module's IpcProtocol containing an improper...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices prior to SMR Nov-2024 Release 1, which stems from libsapeextractor.so containing an...
PT-2024-26100 · Crane · Crane
Name of the Vulnerable Software and Affected Versions: Crane versions prior to SMR Nov-2024 Release 1 Description: The issue is related to incorrect default permissions, allowing local attackers to access files with phone privilege. Recommendations: For versions prior to SMR Nov-2024 Release 1,...
PT-2024-26099 · Unknown · Libsapeextractor.So
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified versions prior to SMR Nov-2024 Release 1 Description: The issue is related to an out-of-bounds write in libsapeextractor.so, allowing local attackers to cause memory corruption. This flaw exists in...