Version Q(10), R(11)

CVE-2022-36847

Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.

MEDIUM CVSS 4.9 Published Sep 09, 2022

CVE-2022-33720

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.

LOW CVSS 2.4 Published Aug 05, 2022

CVE-2022-33725

A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.

MEDIUM CVSS 4.0 Published Aug 05, 2022

CVE-2022-30717

Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.

MEDIUM CVSS 4.0 Published Jun 07, 2022

CVE-2022-25833

Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

LOW CVSS 3.3 Published Apr 11, 2022

CVE-2022-25817

Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.

MEDIUM CVSS 4.0 Published Mar 08, 2022

CVE-2022-25815

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

MEDIUM CVSS 5.5 Published Mar 08, 2022

CVE-2022-24931

Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission

HIGH CVSS 7.9 Published Mar 08, 2022