25 matches found
CVE-2024-49409
Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability...
CVE-2024-49409
Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability...
PT-2024-33519 · Samsung · Galaxy S24
Name of the Vulnerable Software and Affected Versions: Galaxy S24 versions prior to Firmware update Sep-2024 Release Description: The issue is an out-of-bounds write in the usb driver, allowing local attackers to write out-of-bounds memory. This requires system privilege to trigger...
CVE-2024-34662
CVE-2024-34662 involves improper access control in Android’s ActivityManager. The issue affects select Android 12 and 13 earlier than SMR Oct-2024 Release 1, and select Android 14 earlier than SMR Sep-2024 Release 1, enabling local attackers to perform privileged actions. Mitigation is via update...
CVE-2024-34654
Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege...
CVE-2024-34655
Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager...
CVE-2024-34650
Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel...
CVE-2024-34646
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service...
CVE-2024-34655
Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager...
CVE-2024-34655
Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager...
CVE-2024-34653
CVE-2024-34653 describes a path-traversal vulnerability in Samsung Mobile’s My Files prior to SMR Sep-2024 Release 1. The issue permits a physical attacker to access directories using My Files’ privileges, indicating a local/physical attack surface with impact on confidentiality but not integrity...
CVE-2024-34652
The CVE-2024-34652 entry corresponds to an incorrect authorization issue in the kperfmon component of Samsung Mobile devices prior to SMR Sep-2024 Release 1. The vulnerability allows local attackers to access performance-related information, including app usage. Affected scope and root cause are ...
CVE-2024-34652
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage...
CVE-2024-34652
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage...
CVE-2024-34651
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files...
CVE-2024-34649
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen...
CVE-2024-34649
CVE-2024-34649 describes an improper access control flaw in the Dex Mode of Samsung’s multitasking framework, before SMR Sep-2024 Release 1. The issue could allow a physical attacker to temporarily access an unlocked screen. Affected context is limited to Samsung Mobile devices with the Dex Mode/...
CVE-2024-34646
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service...
CVE-2024-34646
CVE-2024-34646 affects DualDarManagerProxy in Samsung Mobile devices prior to SMR Sep-2024 Release 1. The connected sources describe an improper access control vulnerability in that component, enabling local attackers to cause a local permanent denial of service. The issue is tied to the DualDarM...
CVE-2024-34645
The CVE-2024-34645 issue is confirmed in ThemeCenter prior to the SMR Sep-2024 Release 1. It stems from improper input validation, enabling a physical attacker to install privileged applications. Evidence across connected docs (PT-2024-26064, Red Hat/NVD/NEWS references) identifies ThemeCenter as...