Vulnerabilities

Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability.

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location.

Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.

Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.

Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.

Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.

Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.

Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.

Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.

Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.

Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.

Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.

Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.

Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen.

Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.

Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.

Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.

Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch.

Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.

Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.

Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.

Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.

Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.

Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.

Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.

Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.

Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users.

Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.

Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information.

Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.

Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.

Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.

Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers can force the victim to join the group.

Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.

Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.

Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.

Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.