Samsung Mobile Samsung Mobile Devices vP(9.0), Q(10.0), R(11.0) - 19 CVEs

CVE-2022-23429

An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.

MEDIUM CVSS 5.3 Published Feb 11, 2022

CVE-2022-23426

A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.

MEDIUM CVSS 4.4 Published Feb 11, 2022

CVE-2022-22271

A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.

MEDIUM CVSS 5.5 Published Jan 07, 2022

CVE-2022-22270

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

MEDIUM CVSS 4.4 Published Jan 07, 2022

CVE-2022-22269

Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.

MEDIUM CVSS 4.0 Published Jan 07, 2022

(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.

MEDIUM CVSS 4.0 Published Jan 07, 2022

CVE-2021-25519

An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.

MEDIUM CVSS 4.0 Published Dec 08, 2021

CVE-2021-25515

An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.

MEDIUM CVSS 4.0 Published Dec 08, 2021

CVE-2021-25512

An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.

MEDIUM CVSS 6.1 Published Dec 08, 2021

CVE-2021-25511

An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.

MEDIUM CVSS 6.3 Published Dec 08, 2021

CVE-2021-25510

An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.

MEDIUM CVSS 5.3 Published Dec 08, 2021

CVE-2021-25491

A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.

LOW CVSS 2.3 Published Oct 06, 2021

CVE-2021-25490

A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.

MEDIUM CVSS 6.0 Published Oct 06, 2021

CVE-2021-25477

An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.

MEDIUM CVSS 4.4 Published Oct 06, 2021

CVE-2021-25451

A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

LOW CVSS 3.3 Published Sep 09, 2021

CVE-2021-25397

An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

MEDIUM CVSS 6.8 Published Jun 11, 2021

CVE-2021-25414

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.

UNKNOWN Published Jun 11, 2021

CVE-2021-25413

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.