Lucene search: SamsungAndroid

465 matches found

CVE, added 2023/08/10 1:18 a.m., 2510 views

CVE-2023-30684

Samsung Telecom contains an improper access control vulnerability that allows local attackers to call acceptRingingCall without permission on versions prior to SMR Aug-2023 Release 1. The issue is described across multiple sources (including PT-2023-22882) as a local-privilege concern affecting S...

CVSS 4.3, AI score 4, EPSS 0.00137

CVE, added 2023/08/10 1:18 a.m., 2509 views

CVE-2023-30682

The CVE-2023-30682 issue affects Samsung Telecom prior to SMR Aug-2023 Release 1, caused by improper access control that allows a local attacker to call the silenceRinger API without permission. The vulnerability is addressed in Samsung’s patch track for SMR Aug-2023 Release 1, with remediation...

CVSS 4.3, AI score 4, EPSS 0.00137

CVE, added 2023/08/10 1:18 a.m., 2508 views

CVE-2023-30683

CVE-2023-30683 is an improper access-control issue affecting Samsung Mobile devices (Telecom stack) where a local attacker can call the endCall API without permission. Connected sources corroborate the Samsung patch context: the vulnerability is listed among fixes in Samsung’s SMR Aug-2023 Releas...

CVSS 4.3, AI score 4, EPSS 0.00137

CVE, added 2021/03/26 6:22 p.m., 704 views

CVE-2021-25369

CVE-2021-25369 is an information-leak vulnerability in the Samsung device stack, uncovered as part of a three-vulnerability exploit chain. The issue resides in an improper access control of the sec_log file, exposing kernel information to userspace prior to Samsung’s SMR MAR-2021 Release 1. The l...

CVSS 6.2, AI score 5.3, EPSS 0.01121
In wild

CVE, added 2021/03/04 8:59 p.m., 703 views

CVE-2021-25337

CVE-2021-25337 is a Samsung-only vulnerability in the clipboard content provider (system_server) that allowed untrusted apps to read/write arbitrary files via improper access control before SMR Mar-2021 Release 1. The issue stems from missing access checks in the SemClipboardProvider.insert path...

CVSS 7.1, AI score 6.7, EPSS 0.02831
In wild

CVE, added 2021/03/26 6:23 p.m., 682 views

CVE-2021-25370

CVE-2021-25370 is a Samsung-internal chain of three vulnerabilities fixed in SMR Mar-2021 Release 1. The final issue is a use-after-free in the Display Processing Unit (DPU) driver that allows memory corruption leading to kernel panic when a file descriptor is mishandled in the DPU path. The thre...

CVSS 6.1, AI score 5, EPSS 0.0089
In wild

CVE, added 2023/05/04 12:0 a.m., 585 views

CVE-2023-21492

CVE-2023-21492 is a Samsung Mobile devices vulnerability where kernel pointers are printed to the log file, enabling a privileged, local attacker to bypass ASLR. Affected software relates to Samsung Mobile devices with the SMR May-2023 Release 1 context. The root cause is the insertion of sensiti...

CVSS 4.4, AI score 4.9, EPSS 0.02554
In wild

CVE, added 2021/03/26 6:24 p.m., 473 views

CVE-2021-25371

The CVE-2021-25371 issue affects Samsung SMR firmware (Mar-2021 Release 1) DSP driver, where a vulnerability could allow loading arbitrary ELF libraries inside the DSP. Affected component is the DSP driver within Samsung SMR firmware; root cause details are not provided in the sources, but the co...

CVSS 7.2, AI score 6.8, EPSS 0.00842
In wild

CVE, added 2021/03/26 6:25 p.m., 454 views

CVE-2021-25372

CVE-2021-25372 describes an improper boundary check in the Samsung mobile DSP driver, causing out-of-bounds memory access. Affected: Samsung mobile devices with the DSP driver (prior to SMR Mar-2021 Release 1). Root cause: boundary check weakness leading to out-of-bounds reads/writes. Impact per ...

CVSS 7.2, AI score 6.7, EPSS 0.00852
In wild

CVE, added 2025/09/12 7:21 a.m., 447 views

CVE-2025-21043

CVE-2025-21043 is an out-of-bounds write vulnerability in Samsung’s image decoding library, libimagecodec.quram.so, that can lead to remote code execution. The vulnerability affects Samsung mobile devices’ Quram DNG processing, with attacker-controlled input (e.g., malformed DNG) triggering heap/...

CVSS 9.8, AI score 7.1, EPSS 0.01435
In wild

CVE, added 2021/10/06 5:10 p.m., 443 views

CVE-2021-25489

The CVE-2021-25489 issue affects Samsung Mobile Devices, caused by improper input validation in the modem interface driver, triggering a format-string error that can cause a kernel panic. Affected are Samsung Mobile Devices prior to SMR Oct-2021 Release 1. The root cause is missing input validati...

CVSS 5.5, AI score 5.6, EPSS 0.00518
In wild

CVE, added 2021/10/06 5:10 p.m., 438 views

CVE-2021-25487

CVE-2021-25487: Samsung Mobile Devices exhibit an out-of-bounds/read boundary issue in the modem interface driver’s set_skb_priv() prior to SMR Oct-2021 Release 1. This OOB read can lead to arbitrary code execution by dereferencing an invalid function pointer. Connected sources consistently desc...

CVSS 7.8, AI score 8, EPSS 0.0062
In wild

CVE, added 2021/06/11 2:45 p.m., 428 views

CVE-2021-25394

CVE-2021-25394 is a race-condition-based use-after-free vulnerability in Samsung Mobile Devices’ MFC charger driver, prior to SMR MAY-2021 Release 1. The issue enables arbitrary writes after a radio privilege is compromised, with local attack vector and partial integrity/availability impact per C...

CVSS 6.4, AI score 6.8, EPSS 0.00422
In wild

CVE, added 2021/06/11 2:45 p.m., 426 views

CVE-2021-25395

CVE-2021-25395 describes a race condition in Samsung MFC charger driver prior to SMR MAY-2021 Release 1 that allows a local attacker with compromised radio privileges to bypass signature checks, impacting confidentiality, integrity, and availability. The vulnerability affects Samsung mobile devic...

CVSS 6.4, AI score 6.5, EPSS 0.00385
In wild

CVE, added 2024/02/06 2:23 a.m., 106 views

CVE-2024-20819

CVE-2024-20819 affects Samsung Mobile software containing the vulnerable library libsthmbc.so: the out-of-bounds write occurs in the svc1td_vld_plh_ap path. Affects versions prior to SMR Feb-2024 Release 1. Impact: local attacker could trigger a buffer overflow. Mitigation: update to SMR Feb-202...

CVSS 7.8, AI score 7.6, EPSS 0.00174

CVE, added 2023/10/04 3:2 a.m., 102 views

CVE-2023-30733

CVE-2023-30733 affects the HDCP trustlet in Samsung mobile devices prior to SMR Oct-2023 Release 1. The root cause is a stack-based buffer overflow in the trustlet, enabling local attackers with low privileges to achieve code execution. The vulnerability is locally exploitable (no user interactio...

CVSS 7.8, AI score 7.6, EPSS 0.00168

CVE, added 2024/03/05 4:44 a.m., 96 views

CVE-2024-20832

The CVE-2024-20832 entry concerns the Little Kernel bootloader heap overflow in Samsung devices. Affected component: Little Kernel in the bootloader; root cause: heap overflow prior to SMR Mar-2024 Release 1. Impact: local privileged attackers can execute arbitrary code. Public exploitation detai...

CVSS 6.7, AI score 6.7, EPSS 0.00164

CVE, added 2024/03/05 4:44 a.m., 90 views

CVE-2024-20831

CVE-2024-20831 describes a stack overflow in the Little Kernel bootloader. The vulnerability is exploitable locally to gain privileged code execution via the bootloader on versions prior to SMR Mar-2024 Release 1. Remediation per provided documents is to update to SMR Mar-2024 Release 1 or later;...

CVSS 6.7, AI score 6.7, EPSS 0.00154

CVE, added 2025/02/04 7:19 a.m., 85 views

CVE-2025-20892

CVE-2025-20892 concerns a protection mechanism failure in the bootloader of Samsung Mobile devices prior to SMR January 2025 Release 1. The issue enables physical attackers to execute the fastboot command, with user interaction required to trigger it. Reported impact scores (CVSS v3.1) indicate a...

CVSS 5.9, AI score 6.9, EPSS 0.00204

CVE, added 2024/01/04 1:10 a.m., 83 views

CVE-2024-20804

The CVE-2024-20804 vulnerability affects Samsung MyFiles: path traversal in the FileUriConverter prior to SMR Jan-2024 Release 1 on Android 11/12, and version 14.5.00.21 on Android 13. This could let a local attacker write arbitrary files. Affected software/components: MyFiles (FileUriConverter)....

CVSS 5.5, AI score 5.4, EPSS 0.00182

CVE, added 2024/09/04 5:32 a.m., 83 views

CVE-2024-34647

CVE-2024-34647 concerns DualDarManagerProxy in Samsung Mobile devices, where an incorrect use of a privileged API allows local attackers to access Knox-related APIs without proper licensing. The vulnerability is described across multiple sources as a local privilege escalation via the Knox API, w...

CVSS 5.5, AI score 6.8, EPSS 0.00133

CVE, added 2023/08/10 1:18 a.m., 82 views

CVE-2023-30680

CVE-2023-30680 affects Samsung MMIGroup before the SMR Aug-2023 Release 1. Root cause: improper privilege management allowing code execution with elevated privileges. Impact: local attacker could achieve total compromise of confidentiality, integrity, and availability. Affected: MMIGroup software...

CVSS 8.4, AI score 7.8, EPSS 0.00168

CVE, added 2024/09/04 5:32 a.m., 81 views

CVE-2024-34650

CVE-2024-34650 affects Samsung CocktailbarService with an improper authorization issue that enables local attackers to access privileged Edge Panel APIs. Affected: CocktailbarService prior to SMR Sep-2024 Release 1. Impact is limited to local access; no remote vector stated. Remediation: upgrade ...

CVSS 4, AI score 6.8, EPSS 0.00132

CVE, added 2025/02/04 7:19 a.m., 80 views

CVE-2025-20890

CVE-2025-20890 describes an out-of-bounds write in the decoding frame buffer of libsthmbc.so prior to the SMR Jan-2025 Release 1, allowing local attackers to execute arbitrary code with elevated privileges. Triggering this requires user interaction. Affected software is Samsung Mobile devices ...

CVSS 7.8, AI score 7.9, EPSS 0.00153

CVE, added 2024/02/06 2:23 a.m., 79 views

CVE-2024-20810

Samsung Mobile devices with Smart Suggestions are affected by CVE-2024-20810 (implicit intent hijacking). The vulnerability arises in Smart Suggestions prior to the SMR Feb-2024 Release 1, enabling local attackers to obtain sensitive information. Affected version details are consistently reported...

CVSS 3.3, AI score 3.9, EPSS 0.00162

CVE, added 2024/09/04 5:32 a.m., 79 views

CVE-2024-34655

CVE-2024-34655 affects Samsung Mobile devices in the UniversalCredentialManager component. The root cause is incorrect use of a privileged API, enabling local attackers to access privileged API related to UniversalCredentialManager. Impact is described as local, with confidentiality risk (high) a...

CVSS 6.2, AI score 6.8, EPSS 0.00137

CVE, added 2025/02/04 7:19 a.m., 79 views

CVE-2025-20882

CVE-2025-20882 affects libsthmbc.so (svc1td) with an out-of-bounds write into uninitialized memory, enabling local attackers to execute arbitrary code with privileges. The issue requires user interaction to trigger and is linked to SMR Jan-2025 Release 1. Affected component is libsthmbc.so; vulne...

CVSS 7.8, AI score 7.2, EPSS 0.00164

CVE, added 2024/02/06 2:23 a.m., 78 views

CVE-2024-20818

CVE-2024-20818 affects the Samsung Mobile/libsthmbc.so component. The vulnerability is an out-of-bounds write in the function svc1td_vld_elh, enabling a local attacker to trigger a buffer overflow. Evidence across multiple sources confirms the issue resides in libsthmbc.so prior to SMR Feb-2024 R...

CVSS 7.8, AI score 7.6, EPSS 0.00174

CVE, added 2023/10/04 3:2 a.m., 77 views

CVE-2023-30731

CVE-2023-30731 relates to Samsung Mobile devices prior to the SMR Oct-2023 Release 1. The issue is a logic error during package installation via a debugger command, which could let a physical attacker install an application that has a different build type. The documents do not p...

CVSS 5.7, AI score 4.7, EPSS 0.00226

CVE, added 2024/02/06 2:23 a.m., 77 views

CVE-2024-20820

The CVE-2024-20820 entry refers to improper input validation in the bootloader of Samsung mobile devices, allowing local privileged attackers to trigger an out-of-bounds read. Affected software is the bootloader prior to SMR Feb-2024 Release 1. Documented impact includes confidentiality and avail...

CVSS 7.1, AI score 6.6, EPSS 0.00203

CVE, added 2024/04/02 2:59 a.m., 76 views

CVE-2024-20848

CVE-2024-20848 affects libsdffextractor’s text parsing. Affected versions are prior to SMR Apr-2024 Release 1, with an Improper Input Validation root cause that allows a local attacker to write out-of-bounds memory. The issue is documented in PT-2024-18757 and corroborated by multiple sources not...

CVSS 7.8, AI score 6.5, EPSS 0.0016

CVE, added 2025/02/04 7:19 a.m., 76 views

CVE-2025-20885

CVE-2025-20885 is an out-of-bounds write vulnerability in the softsim trustlet used by Samsung Mobile devices prior to SMR Jan-2025 Release 1. The issue enables local privileged attackers to cause memory corruption. Publicly documented impact includes possible elevation of privileges and access t...

CVSS 6.7, AI score 6.2, EPSS 0.00132

CVE, added 2025/02/04 7:19 a.m., 76 views

CVE-2025-20886

CVE-2025-20886 concerns Samsung Mobile devices where the issue resides in the softsim trustlet due to sensitive information being included in test code prior to the SMR January 2025 Release 1. The documented impact is that local privileged attackers can obtain the test key. Public technical detai...

CVSS 4.4, AI score 4.2, EPSS 0.0013

CVE, added 2025/02/04 7:19 a.m., 75 views

CVE-2025-20884

CVE-2025-20884: Samsung Message contains an improper access control flaw that could allow a person with physical access to a device to access data across multiple user profiles. Affected: Samsung Message prior to SMR Jan-2025 Release 1. Root cause: inadequate access control between user profiles....

CVSS 4.6, AI score 4.6, EPSS 0.00201

CVE, added 2023/02/09 12:0 a.m., 74 views

CVE-2023-21440

The CVE-2023-21440 entry maps to an improper access control vulnerability in the WindowManagerService, affecting Samsung Android devices. Root cause: WindowManagerService prior to SMR Feb-2023 Release 1 allows an attacker to capture the screen. Impact: potential exposure of screen content (confid...

CVSS 6.2, AI score 5.4, EPSS 0.00176

CVE, added 2023/08/10 1:18 a.m., 74 views

CVE-2023-30698

Technical details (affected product/version, exploit vector, impact, patches) are not publicly provided in the connected documents for CVE-2023-30698. Monitor for updates from NVD/Red Hat/Samsung advisories.

CVSS 5.5, AI score 5.3, EPSS 0.00138

CVE, added 2025/02/04 7:19 a.m., 74 views

CVE-2025-20881

CVE-2025-20881 corresponds to an out-of-bounds write in libsthmbc.so used to store decoded video frames, affecting Samsung Mobile before SMR Jan-2025 Release 1. The vulnerability allows local attackers to execute arbitrary code with privileges, with user interaction required to trigger. Connected...

CVSS 7.8, AI score 7.2, EPSS 0.00164

CVE, added 2025/02/04 7:19 a.m., 74 views

CVE-2025-20887

CVE-2025-20887 refers to an out-of-bounds read in the svp8t table accessed by libsthmbc.so, affected on Samsung Mobile devices prior to SMR Jan-2025 Release 1. Local attackers can read arbitrary memory with user interaction required to trigger the issue. The vulnerability is documented across mul...

CVSS 5.5, AI score 6.9, EPSS 0.00139

CVE, added 2025/02/04 7:19 a.m., 74 views

CVE-2025-20889

CVE-2025-20889 is an out-of-bounds read in decoding a malformed bitstream for smp4vtd in libsthmbc.so, prior to the Samsung SMR Jan-2025 Release 1. The vulnerability allows local attackers to read arbitrary memory and requires user interaction to trigger. Affected component is the decoding path ...

CVSS 5.5, AI score 6.9, EPSS 0.00139

CVE, added 2024/02/06 2:23 a.m., 73 views

CVE-2024-20817

CVE-2024-20817 affects Samsung Mobile devices via the vulnerable libsthmbc.so component: the function svc1td_vld_slh suffers an out-of-bounds write vulnerability. The issue exists in versions prior to the SMR Feb-2024 Release 1 and can allow a local attacker to trigger a buffer overflow. The conn...

CVSS 7.8, AI score 7.6, EPSS 0.00174

CVE, added 2025/02/04 7:19 a.m., 73 views

CVE-2025-20888

CVE-2025-20888 involves an out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so, prior to Samsung SMR Jan-2025 Release 1. Affected component: libsthmbc.so on Samsung Mobile devices. Root cause: out-of-bounds write when processing block sizes for smp4vtd. Impact: local arbitr...

CVSS 7.8, AI score 7.8, EPSS 0.00153

CVE, added 2025/04/08 4:39 a.m., 73 views

CVE-2025-20936

CVE-2025-20936 concerns improper access control in the HDCP trustlet, affecting Samsung mobile devices prior to SMR Apr-2025 Release 1. The root cause is local privilege escalation to root via shell privileges. Impact is high (local, high confidentiality/integrity/availability impact) per cited C...

CVSS 8.8, AI score 7.2, EPSS 0.00138

CVE, added 2023/08/10 1:18 a.m., 72 views

CVE-2023-30694

CVE-2023-30694 affects the libsec-ril component (IpcTxPcscTransmitApdu). The root cause is an out-of-bounds write in this function, allowing a local attacker to execute arbitrary code on vulnerable devices. Affected product scope is Samsung Mobile firmware prior to the SMR Aug-2023 Release 1. The...

CVSS 7.8, AI score 7.7, EPSS 0.0018

CVE, added 2024/03/05 4:44 a.m., 72 views

CVE-2024-20830

Summary: Samsung Mobile AppLock had an incorrect default permission in versions prior to SMR Mar-2024 Release 1, enabling local attackers to configure AppLock settings. Impact (from available data): Local, low-complexity access with low confidentiality/integrity/availability impact (CVSS v3.1 bas...

CVSS 5.3, AI score 5.1, EPSS 0.00136

CVE, added 2024/02/06 2:23 a.m., 71 views

CVE-2024-20814

CVE-2024-20814 describes an out-of-bounds read in the function padmd_vld_ac_prog_refine of libpadm.so. The issue affects Samsung mobile software prior to SMR Feb-2024 Release 1 and could allow a local attacker to access unauthorized information. Exploitation details, affected product versions, an...

CVSS 5.5, AI score 5.3, EPSS 0.00197

CVE, added 2024/07/02 9:20 a.m., 71 views

CVE-2024-20888

CVE-2024-20888: Improper access control in Samsung OneUIHome prior to SMR Jul-2024 Release 1 enables local attackers to launch privileged activities. Impact: high confidentiality, integrity, and availability concerns; attack vector is local with user interaction required. Affected software: OneU...

CVSS 7.8, AI score 6.8, EPSS 0.00173

CVE, added 2025/05/07 8:24 a.m., 71 views

CVE-2025-20954

CVE-2025-20954 affects Samsung’s EnrichedCall feature. The issue arises from the use of an implicit intent for sensitive communications, enabling a local attacker to access sensitive information. The vulnerability is described as impacting EnrichedCall versions prior to SMR May-2025 Release 1. Tr...

CVSS 5.5, AI score 5.4, EPSS 0.00146

CVE, added 2024/01/04 1:10 a.m., 70 views

CVE-2024-20805

The CVE-2024-20805 entry documents a path traversal vulnerability in the ZipCompressor of MyFiles. Affected: Samsung Android devices running MyFiles on Android 11/12 (prior to SMR Jan-2024 Release 1) and Android 13 (MyFiles 14.5.00.21). Impact: local attackers can write arbitrary files. Root caus...

CVSS 5.5, AI score 5.4, EPSS 0.00181

CVE, added 2024/07/02 9:20 a.m., 70 views

CVE-2024-20893

CVE-2024-20893 describes improper input validation in libmediaextractorservice.so prior to the Samsung SMR Jul-2024 Release 1, enabling local attackers to trigger memory corruption. Public sources consistently reference Samsung Mobile devices as affected; documentation from Red Hat and NVD corrob...

CVSS 7.8, AI score 6.8, EPSS 0.00159

CVE, added 2025/02/04 7:24 a.m., 70 views

CVE-2025-20905

CVE-2025-20905 concerns the mPOS TUI trustlet. The issue is an out-of-bounds read and write in versions prior to Samsung SMR Feb-2025 Release 1, enabling local privileged attackers to read and write memory out-of-bounds. Impact is described as high for confidentiality, integrity, and availability...

CVSS 6.7, AI score 6.7, EPSS 0.00154

Total number of security vulnerabilities: 465