CVE-2023-30684
Samsung Telecom contains an improper access control vulnerability that allows local attackers to call acceptRingingCall without permission on versions prior to SMR Aug-2023 Release 1. The issue is described across multiple sources (including PT-2023-22882) as a local-privilege concern affecting S...
CVE-2023-30682
The CVE-2023-30682 issue affects Samsung Telecom prior to SMR Aug-2023 Release 1, caused by improper access control that allows a local attacker to call the silenceRinger API without permission. The vulnerability is addressed within Samsung’s patch track for SMR Aug-2023 Release 1, with remediation...
CVE-2023-30683
CVE-2023-30683 is an improper access-control issue affecting Samsung Mobile devices (Telecom stack) where a local attacker can call the endCall API without permission. Connected sources corroborate the Samsung patch context: the vulnerability is listed among fixes in Samsung’s SMR Aug-2023 Releas...
CVE-2021-25369
CVE-2021-25369 is an information-leak vulnerability in the Samsung device stack, uncovered as part of a three-vulnerability exploit chain. The issue resides in an improper access control of the sec_log file, exposing kernel information to userspace prior to Samsung’s SMR MAR-2021 Release 1. The l...
CVE-2021-25337
CVE-2021-25337 is a Samsung-only vulnerability in the clipboard content provider (system_server) that allowed untrusted apps to read/write arbitrary files via improper access control before SMR Mar-2021 Release 1. The issue stems from missing access checks in the SemClipboardProvider.insert path...
CVE-2021-25370
CVE-2021-25370 is a Samsung-internal chain of three vulnerabilities fixed in SMR Mar-2021 Release 1. The final issue is a use-after-free in the Display Processing Unit (DPU) driver that allows memory corruption leading to kernel panic when a file descriptor is mishandled in the DPU path. The thre...
CVE-2023-21492
CVE-2023-21492 is a Samsung Mobile devices vulnerability where kernel pointers are printed to the log file, enabling a privileged, local attacker to bypass ASLR. Affected software relates to Samsung Mobile devices with the SMR May-2023 Release 1 context. The root cause is the insertion of sensiti...
CVE-2021-25371
The CVE-2021-25371 issue affects Samsung SMR firmware (Mar-2021 Release 1) DSP driver, where a vulnerability could allow loading arbitrary ELF libraries inside the DSP. Affected component is the DSP driver within Samsung SMR firmware; root cause details are not provided in the sources, but the co...
CVE-2021-25372
CVE-2021-25372 describes an improper boundary check in the Samsung mobile DSP driver, causing out-of-bounds memory access. Affected: Samsung mobile devices with the DSP driver (prior to SMR Mar-2021 Release 1). Root cause: boundary check weakness leading to out-of-bounds reads/writes. Impact per ...
CVE-2025-21043
CVE-2025-21043 is an out-of-bounds write vulnerability in Samsung’s image decoding library, libimagecodec.quram.so, that can lead to remote code execution. The vulnerability affects Samsung mobile devices’ Quram DNG processing, with attacker-controlled input (e.g., malformed DNG) triggering heap/...
CVE-2021-25489
The CVE-2021-25489 issue affects Samsung Mobile Devices, caused by improper input validation in the modem interface driver, triggering a format-string error that can cause a kernel panic. Affected are Samsung Mobile Devices prior to SMR Oct-2021 Release 1. The root cause is missing input validati...
CVE-2021-25487
CVE-2021-25487: Samsung Mobile Devices exhibit an out-of-bounds/read boundary issue in the modem interface driver’s set_skb_priv() prior to SMR Oct-2021 Release 1. This OOB read can lead to arbitrary code execution by dereferencing an invalid function pointer. Connected sources consistently desc...
CVE-2021-25394
CVE-2021-25394 is a race-condition-based use-after-free vulnerability in Samsung Mobile Devices’ MFC charger driver, prior to SMR MAY-2021 Release 1. The issue enables arbitrary writes after a radio privilege is compromised, with local attack vector and partial integrity/availability impact per C...
CVE-2021-25395
CVE-2021-25395 describes a race condition in Samsung MFC charger driver prior to SMR MAY-2021 Release 1 that allows a local attacker with compromised radio privileges to bypass signature checks, impacting confidentiality, integrity, and availability. The vulnerability affects Samsung mobile devic...
CVE-2024-20819
CVE-2024-20819 affects Samsung Mobile software containing the vulnerable library libsthmbc.so: the out-of-bounds write occurs in the svc1td_vld_plh_ap path. Affects versions prior to SMR Feb-2024 Release 1. Impact: local attacker could trigger a buffer overflow. Mitigation: update to SMR Feb-202...
CVE-2023-30733
CVE-2023-30733 affects the HDCP trustlet in Samsung mobile devices prior to SMR Oct-2023 Release 1. The root cause is a stack-based buffer overflow in the trustlet, enabling local attackers with low privileges to achieve code execution. The vulnerability is locally exploitable (no user interactio...
CVE-2024-20832
The CVE-2024-20832 entry concerns the Little Kernel bootloader heap overflow in Samsung devices. Affected component: Little Kernel in the bootloader; root cause: heap overflow prior to SMR Mar-2024 Release 1. Impact: local privileged attackers can execute arbitrary code. Public exploitation detai...
CVE-2024-20831
CVE-2024-20831 describes a stack overflow in the Little Kernel bootloader. The vulnerability is exploitable locally to gain privileged code execution via the bootloader on versions prior to SMR Mar-2024 Release 1. Remediation per provided documents is to update to SMR Mar-2024 Release 1 or later;...
CVE-2025-20892
CVE-2025-20892 concerns a protection mechanism failure in the bootloader of Samsung Mobile devices prior to SMR January 2025 Release 1. The issue enables physical attackers to execute the fastboot command, with user interaction required to trigger it. Reported impact scores (CVSS v3.1) indicate a...
CVE-2024-20804
The CVE-2024-20804 vulnerability affects Samsung MyFiles: path traversal in the FileUriConverter prior to SMR Jan-2024 Release 1 on Android 11/12, and version 14.5.00.21 on Android 13. This could let a local attacker write arbitrary files. Affected software/components: MyFiles (FileUriConverter)....
CVE-2024-34647
CVE-2024-34647 concerns DualDarManagerProxy in Samsung Mobile devices, where an incorrect use of a privileged API allows local attackers to access Knox-related APIs without proper licensing. The vulnerability is described across multiple sources as a local privilege escalation via the Knox API, w...
CVE-2023-30680
CVE-2023-30680 affects Samsung MMIGroup before the SMR Aug-2023 Release 1. Root cause: improper privilege management allowing code execution with elevated privileges. Impact: local attacker could achieve total compromise of confidentiality, integrity, and availability. Affected: MMIGroup software...
CVE-2024-34650
CVE-2024-34650 affects Samsung CocktailbarService with an improper authorization issue that enables local attackers to access privileged Edge Panel APIs. Affected: CocktailbarService prior to SMR Sep-2024 Release 1. Impact is limited to local access; no remote vector stated. Remediation: upgrade ...
CVE-2025-20890
CVE-2025-20890 describes an out-of-bounds write in the decoding frame buffer of libsthmbc.so prior to the SMR Jan-2025 Release 1, allowing local attackers to execute arbitrary code with elevated privileges. Triggering this requires user interaction. Affected software is Samsung Mobile devices ...
CVE-2024-20810
Samsung Mobile devices with Smart Suggestions are affected by CVE-2024-20810 (implicit intent hijacking). The vulnerability arises in Smart Suggestions prior to the SMR Feb-2024 Release 1, enabling local attackers to obtain sensitive information. Affected version details are consistently reported...
CVE-2024-34655
CVE-2024-34655 affects Samsung Mobile devices in the UniversalCredentialManager component. The root cause is incorrect use of a privileged API, enabling local attackers to access privileged API related to UniversalCredentialManager. Impact is described as local, with confidentiality risk (high) a...
CVE-2025-20882
CVE-2025-20882 affects libsthmbc.so (svc1td) with an out-of-bounds write into uninitialized memory, enabling local attackers to execute arbitrary code with privileges. The issue requires user interaction to trigger and is linked to SMR Jan-2025 Release 1. Affected component is libsthmbc.so; vulne...
CVE-2024-20818
CVE-2024-20818 affects the Samsung Mobile/libsthmbc.so component. The vulnerability is an out-of-bounds write in the function svc1td_vld_elh, enabling a local attacker to trigger a buffer overflow. Evidence across multiple sources confirms the issue resides in libsthmbc.so prior to SMR Feb-2024 R...
CVE-2023-30731
CVE-2023-30731 relates to Samsung Mobile devices prior to the SMR Oct-2023 Release 1. The issue is a logic error during package installation via a debugger command, which could let a physical attacker install an application that has a different build type. The documents do not p...
CVE-2024-20820
The CVE-2024-20820 entry refers to improper input validation in the bootloader of Samsung mobile devices, allowing local privileged attackers to trigger an out-of-bounds read. Affected software is the bootloader prior to SMR Feb-2024 Release 1. Documented impact includes confidentiality and avail...
CVE-2024-20848
CVE-2024-20848 affects libsdffextractor’s text parsing. Affected versions are prior to SMR Apr-2024 Release 1, with an Improper Input Validation root cause that allows a local attacker to write out-of-bounds memory. The issue is documented in PT-2024-18757 and corroborated by multiple sources not...
CVE-2025-20885
CVE-2025-20885 is an out-of-bounds write vulnerability in the softsim trustlet used by Samsung Mobile devices prior to SMR Jan-2025 Release 1. The issue enables local privileged attackers to cause memory corruption. Publicly documented impact includes possible elevation of privileges and access t...
CVE-2025-20886
CVE-2025-20886 concerns Samsung Mobile devices where the issue resides in the softsim trustlet due to sensitive information being included in test code prior to the SMR January 2025 Release 1. The documented impact is that local privileged attackers can obtain the test key. Public technical detai...
CVE-2025-20884
CVE-2025-20884: Samsung Message contains an improper access control flaw that could allow a person with physical access to a device to access data across multiple user profiles. Affected: Samsung Message prior to SMR Jan-2025 Release 1. Root cause: inadequate access control between user profiles....
CVE-2023-21440
The CVE-2023-21440 entry maps to an improper access control vulnerability in the WindowManagerService, affecting Samsung Android devices. Root cause: WindowManagerService prior to SMR Feb-2023 Release 1 allows an attacker to capture the screen. Impact: potential exposure of screen content (confid...
CVE-2023-30698
Technical details (affected product/version, exploit vector, impact, patches) are not publicly provided in the connected documents for CVE-2023-30698. Monitor for updates from NVD/Red Hat/Samsung advisories.
CVE-2025-20881
CVE-2025-20881 corresponds to an out-of-bounds write in libsthmbc.so used to store decoded video frames, affecting Samsung Mobile before SMR Jan-2025 Release 1. The vulnerability allows local attackers to execute arbitrary code with privileges, with user interaction required to trigger. Connected...
CVE-2025-20887
CVE-2025-20887 refers to an out-of-bounds read in the svp8t table accessed by libsthmbc.so, affecting Samsung Mobile devices prior to SMR Jan-2025 Release 1. Local attackers can read arbitrary memory with user interaction required to trigger the issue. The vulnerability is documented across mul...
CVE-2025-20889
CVE-2025-20889 is an out-of-bounds read in decoding a malformed bitstream for smp4vtd in libsthmbc.so, prior to the Samsung SMR Jan-2025 Release 1. The vulnerability allows local attackers to read arbitrary memory and requires user interaction to trigger. Affected component is the decoding path ...
CVE-2024-20817
CVE-2024-20817 affects Samsung Mobile devices via the vulnerable libsthmbc.so component: the function svc1td_vld_slh suffers an out-of-bounds write vulnerability. The issue exists in versions prior to the SMR Feb-2024 Release 1 and can allow a local attacker to trigger a buffer overflow. The conn...
CVE-2025-20888
CVE-2025-20888 involves an out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so, prior to Samsung SMR Jan-2025 Release 1. Affected component: libsthmbc.so on Samsung Mobile devices. Root cause: out-of-bounds write when processing block sizes for smp4vtd. Impact: local arbitr...
CVE-2025-20936
CVE-2025-20936 concerns improper access control in the HDCP trustlet, affecting Samsung mobile devices prior to SMR Apr-2025 Release 1. The root cause is local privilege escalation to root via shell privileges. Impact is high (local, high confidentiality/integrity/availability impact) per cited C...
CVE-2023-30694
CVE-2023-30694 affects the libsec-ril component (IpcTxPcscTransmitApdu). The root cause is an out-of-bounds write in this function, allowing a local attacker to execute arbitrary code on vulnerable devices. Affected product scope is Samsung Mobile firmware prior to the SMR Aug-2023 Release 1. The...
CVE-2024-20830
Summary: Samsung Mobile AppLock had an incorrect default permission in versions prior to SMR Mar-2024 Release 1, enabling local attackers to configure AppLock settings. Impact (from available data): Local, low-complexity access with low confidentiality/integrity/availability impact (CVSS v3.1 bas...
CVE-2024-20814
CVE-2024-20814 describes an out-of-bounds read in the function padmd_vld_ac_prog_refine of libpadm.so. The issue affects Samsung mobile software prior to SMR Feb-2024 Release 1 and could allow a local attacker to access unauthorized information. Exploitation details, affected product versions, an...
CVE-2024-20888
CVE-2024-20888: Improper access control in Samsung OneUIHome prior to SMR Jul-2024 Release 1 enables local attackers to launch privileged activities. Impact: high confidentiality, integrity, and availability concerns; attack vector is local with user interaction required. Affected software: OneU...
CVE-2025-20954
CVE-2025-20954 affects Samsung’s EnrichedCall feature. The issue arises from the use of an implicit intent for sensitive communications, enabling a local attacker to access sensitive information. The vulnerability is described as impacting EnrichedCall versions prior to SMR May-2025 Release 1. Tr...
CVE-2024-20805
The CVE-2024-20805 entry documents a path traversal vulnerability in the ZipCompressor of MyFiles. Affected: Samsung Android devices running MyFiles on Android 11/12 (prior to SMR Jan-2024 Release 1) and Android 13 (MyFiles 14.5.00.21). Impact: local attackers can write arbitrary files. Root caus...
CVE-2024-20893
CVE-2024-20893 describes improper input validation in libmediaextractorservice.so prior to the Samsung SMR Jul-2024 Release 1, enabling local attackers to trigger memory corruption. Public sources consistently reference Samsung Mobile devices as affected; documentation from Red Hat and NVD corrob...
CVE-2025-20905
CVE-2025-20905 concerns the mPOS TUI trustlet. The issue is an out-of-bounds read and write in versions prior to Samsung SMR Feb-2025 Release 1, enabling local privileged attackers to read and write memory out-of-bounds. Impact is described as high for confidentiality, integrity, and availability...