SB2023052602 - Multiple vulnerabilities in Samsung Mobile Firmware
Published: May 26, 2023 Updated: January 15, 2024
Description
This security bulletin contains information about 76 security vulnerabilities.
1) Information exposure (CVE-ID: CVE-2023-21118)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
2) Input validation error (CVE-ID: CVE-2023-21502)
The vulnerability allows a local application to escalate privileges on the device.
The vulnerability exists due to insufficient input validation in FactoryTest application. A malicious application can get privilege escalation via debugging commands.
3) Use-after-free (CVE-ID: CVE-2023-0266)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
4) Improper input validation (CVE-ID: CVE-2023-21116)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
5) Out-of-bounds write (CVE-ID: CVE-2022-22706)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Arm Mali GPU kernel driver. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges. The same bug was patched in Google Pixel devices as CVE-2021-39793 and is tracked there under #VU64876.
Note, the vulnerability is known to be exploited in the wild in targeted attacks.
6) Improper input validation (CVE-ID: CVE-2023-21111)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
7) Improper input validation (CVE-ID: CVE-2023-21103)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
8) Information exposure (CVE-ID: CVE-2023-21112)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
9) Input validation error (CVE-ID: CVE-2023-21501)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input in mPOS fiserve trustlet. A local application can execute arbitrary code on the device.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-20444)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
11) Improper input validation (CVE-ID: CVE-2023-21110)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Frameworks component. A local application can execute arbitrary code.
12) Improper input validation (CVE-ID: CVE-2023-20930)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
13) Information exposure (CVE-ID: CVE-2023-21104)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
14) Information exposure (CVE-ID: CVE-2023-20914)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
15) Improper input validation (CVE-ID: CVE-2023-21117)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
16) Improper input validation (CVE-ID: CVE-2023-21109)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
17) Improper access control (CVE-ID: CVE-2023-21493)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in SemShareFileProvider. A local application can access protected data.
18) Double Free (CVE-ID: CVE-2023-21500)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a boundary error in setPinPadImages in mPOS TUI trustlet. A local application can trigger a double free error and access the trustlet memory.
19) Improper input validation (CVE-ID: CVE-2022-20338)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
20) Improper access control (CVE-ID: CVE-2023-21488)
The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Tips. A local application can bypass implemented security restrictions and launch arbitrary activity in Tips.
21) Improper access control (CVE-ID: CVE-2023-21484)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions in AppLock. A local application can bypass implemented security restrictions and execute privileged operations.
22) Improper export of android application components (CVE-ID: CVE-2023-21485)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improper export of Android application components in VideoPreviewActivity in Call Settings. An attacker with physical access to the device can obtain certain media data stored in the application's sandbox.
23) Improper export of android application components (CVE-ID: CVE-2023-21486)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to improper export of Android application components in ImagePreviewActivity in Call Settings. An attacker with physical access to the device can obtain certain media data stored in the application's sandbox.
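Items 22 and 23 are two instances of one Android misconfiguration: an activity that is exported without a permission gate, so any caller on the device can start it and reach data inside the app's sandbox. The checker below is added here as an example; it is not part of the bulletin or of Samsung's code. It parses an AndroidManifest.xml and lists every component that is exported, either explicitly or implicitly through an intent-filter on a pre-API-31 target, but carries no android:permission. The manifest it runs on is constructed for the example, and the package and component names in it are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest. Package and component names are hypothetical;
# this is not the Call Settings manifest. The first activity shows the weak
# pattern behind items 22/23 (exported, no permission); the second shows the
# fix; the last two show the implicit-export and provider cases.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.callsettings">
  <application>
    <activity android:name=".VideoPreviewActivity"
              android:exported="true" />
    <activity android:name=".ImagePreviewActivity"
              android:exported="true"
              android:permission="com.example.callsettings.permission.PREVIEW" />
    <activity android:name=".InternalActivity"
              android:exported="false" />
    <activity android:name=".ShareTarget">
      <intent-filter>
        <action android:name="android.intent.action.SEND" />
      </intent-filter>
    </activity>
    <provider android:name=".PreviewProvider"
              android:authorities="com.example.callsettings.preview"
              android:exported="true"
              android:grantUriPermissions="true" />
  </application>
</manifest>
"""

def _android_attr(elem, name):
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def is_exported(elem):
    """Android's rule: an explicit android:exported wins; without it, a
    component that declares an <intent-filter> is exported by default
    (targetSdk < 31; from 31 the attribute is mandatory in that case)."""
    explicit = _android_attr(elem, "exported")
    if explicit is not None:
        return explicit.strip().lower() == "true"
    return elem.find("intent-filter") is not None

def find_unprotected_exports(manifest_xml):
    """Return (tag, name) for every component any app can reach without
    holding a permission: exported and no android:permission attribute.
    Providers are flagged the same way; readPermission/writePermission and
    path-level permissions would need a separate check and are not covered."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for tag in COMPONENT_TAGS:
        for comp in root.iter(tag):
            if is_exported(comp) and not _android_attr(comp, "permission"):
                findings.append((tag, _android_attr(comp, "name")))
    return findings

if __name__ == "__main__":
    for tag, name in find_unprotected_exports(SAMPLE_MANIFEST):
        print("unprotected exported %s: %s" % (tag, name))
```

Run it against a manifest pulled from a device with `apktool d` (or `aapt dump xmltree` on the APK); a hit on a component that hands out files or media, as in the two Call Settings activities, is the pattern to triage first. A component that must be exported for legitimate inter-app use should either carry an android:permission of signature protection level or validate the caller (for example with getCallingPackage) before serving anything.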
24) Improper access control (CVE-ID: CVE-2023-21487)
The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Telephony framework. A local application can bypass implemented security restrictions and change a call setting.
25) Buffer overflow (CVE-ID: CVE-2023-21503)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
26) Buffer overflow (CVE-ID: CVE-2023-21504)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
27) Buffer overflow (CVE-ID: CVE-2023-21494)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the authentication API in mm_Authentication.c in the Shannon baseband. An attacker within radio range of the device (for example, one operating a rogue base station) can trigger memory corruption in the baseband and perform a denial of service (DoS) attack.
28) Out-of-bounds write (CVE-ID: CVE-2023-21489)
The vulnerability allows an attacker to compromise the vulnerable device.
The vulnerability exists due to a boundary error in the bootloader. An attacker with physical access to the device can trigger an out-of-bounds write and execute arbitrary code on the system.
29) Out-of-bounds write (CVE-ID: CVE-2023-21499)
The vulnerability allows a local application to escalate privileges on the device.
The vulnerability exists due to a boundary error in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
30) Improper access control (CVE-ID: CVE-2023-21495)
The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Knox Enrollment Service. A local application can bypass implemented security restrictions and install KSP app when device admin is set.
31) Improper access control (CVE-ID: CVE-2023-21490)
The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in GearManagerStub. A local application can bypass implemented security restrictions and delete applications installed by watchmanager.
32) Improper access control (CVE-ID: CVE-2023-21491)
The vulnerability allows a local application to compromise the affected device.
The vulnerability exists due to improper access restrictions in ThemeManager. A local application can write arbitrary files with system privileges.
33) Inclusion of sensitive information in log files (CVE-ID: CVE-2023-21492)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because kernel pointers are written to a log file that an unprivileged application can read. A local application can read the log, recover the kernel addresses and use them to defeat kernel address space layout randomization (KASLR).
Note, the vulnerability is being exploited in the wild.
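Item 33 is the KASLR-defeat primitive in this bulletin: a driver writes raw kernel addresses into a log that an unprivileged app can read. The script below is an added example, not part of the bulletin or of Samsung's tooling. It scans logcat-style lines for unhashed arm64 kernel pointers, which is a quick way to check a device or a kernel build for the same class of leak, and shows the arithmetic an attacker performs with one leaked symbol address. The log lines, tags, PIDs and addresses are constructed, and the unslid symbol address used in the slide computation is a hypothetical value.

```python
import re

# Constructed logcat ("threadtime" format) lines; tags, PIDs and addresses
# are made up for the example.
CONSTRUCTED_LOG = """\
01-01 00:00:01.000  1234  1234 I foo_drv : probe ok
01-01 00:00:02.000  1234  1234 E foo_drv : bad ioctl arg, handler at ffffffc010a4b3c0
01-01 00:00:02.100  1234  1234 D foo_drv : ctx 00000000ab12cd34 (hashed %p, not a leak)
01-01 00:00:03.000  4321  4321 W bar_drv : map 0xffffff8009e2f000-0xffffff8009e30000
"""

# arm64 kernel virtual addresses occupy the upper half of the address space,
# so an unhashed pointer (%px, %lx, or %p on kernels older than 4.15) appears
# as 16 hex digits beginning with "ffff". Hashed %p output is a 32-bit hash
# zero-padded to 16 digits and therefore never matches. A printed -1
# (ffffffffffffffff) is a known false positive worth triaging by hand.
KPTR_RE = re.compile(r"(?<![0-9a-fA-F])(?:0x)?(ffff[0-9a-fA-F]{12})(?![0-9a-fA-F])")

# date time pid tid level tag : message
LOGCAT_RE = re.compile(
    r"^\S+\s+\S+\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+(?P<level>[VDIWEF])\s+"
    r"(?P<tag>[^:]+?)\s*:\s(?P<msg>.*)$"
)

# arm64 KASLR moves the kernel image in 2 MiB steps (assumption taken from the
# mainline kaslr code; a vendor kernel could differ).
KIMG_ALIGN = 2 * 1024 * 1024

def find_kernel_pointer_leaks(log_text):
    """Return [(line_no, tag, address), ...] for every unhashed kernel
    pointer in the log. Lines that are not logcat-formatted (e.g. raw dmesg)
    are still scanned, with tag '?'."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOGCAT_RE.match(line)
        tag, msg = (m.group("tag"), m.group("msg")) if m else ("?", line)
        for addr in KPTR_RE.findall(msg):
            hits.append((n, tag, int(addr, 16)))
    return hits

def kaslr_slide(leaked_addr, unslid_addr):
    """What an attacker does with one leak: subtract the link-time address of
    the same symbol (from the matching vmlinux/System.map) to get the slide
    that relocates every other kernel symbol. Returns None when the result
    is not image-aligned, i.e. the leak was probably not the symbol assumed."""
    slide = leaked_addr - unslid_addr
    if slide < 0 or slide % KIMG_ALIGN:
        return None
    return slide

if __name__ == "__main__":
    for n, tag, addr in find_kernel_pointer_leaks(CONSTRUCTED_LOG):
        print("line %d tag %s leaks 0x%016x" % (n, tag, addr))
```

Feed it `adb logcat -d` or `dmesg` output; the tag and PID on each hit point at the driver to fix. On the kernel side the fix is to print with `%p` (hashed) or `%pK` together with `kptr_restrict` set to 1 or 2, never `%px` or `%lx`, in any message that can reach a world-readable log.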
34) Active debug code (CVE-ID: CVE-2023-21496)
The vulnerability allows an attacker to escalate privileges on the device.
The vulnerability exists due to the presence of active debug code in ActivityManagerService. An attacker with physical access to the device can reach the debug function by setting the debug level.
35) Format string error (CVE-ID: CVE-2023-21497)
The vulnerability allows a local application to escalate privileges on the device.
The vulnerability exists due to a format string error in mPOS TUI trustlet. A local application can supply a specially crafted input that contains format string specifiers and execute arbitrary code on the target system.
36) Out-of-bounds write (CVE-ID: CVE-2023-21498)
The vulnerability allows a local application to escalate privileges on the device.
The vulnerability exists due to a boundary error in setPartnerTAInfo in mPOS TUI trustlet. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
37) Improper input validation (CVE-ID: CVE-2023-20993)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
38) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-39617)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions within the Android framework. A local application can escalate privileges on the system.
39) Double Free (CVE-ID: CVE-2022-33231)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.
40) Use-after-free (CVE-ID: CVE-2022-42716)
The vulnerability allows a local application to escalate privileges on the system.
41) Input validation error (CVE-ID: CVE-2021-0879)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
42) Input validation error (CVE-ID: CVE-2021-0880)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
43) Input validation error (CVE-ID: CVE-2021-0881)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
44) Input validation error (CVE-ID: CVE-2021-0882)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
45) Input validation error (CVE-ID: CVE-2021-0883)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
46) Input validation error (CVE-ID: CVE-2021-0884)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
47) Input validation error (CVE-ID: CVE-2021-0873)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
48) Use-after-free (CVE-ID: CVE-2022-33917)
The vulnerability allows a local application to execute arbitrary code with escalated privileges.
The vulnerability exists due to a use-after-free error in the Arm Mali GPU kernel driver, reachable through improper GPU processing operations. A local application can execute arbitrary code with elevated privileges.
49) Input validation error (CVE-ID: CVE-2021-0874)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
50) Use-after-free (CVE-ID: CVE-2022-36449)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error. A local application can execute arbitrary code with elevated privileges.
51) Use-after-free (CVE-ID: CVE-2022-38181)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Note, this vulnerability is known to be exploited in targeted attacks spotted in November 2022.
52) Use-after-free (CVE-ID: CVE-2022-41757)
The vulnerability allows a local application to escalate privileges on the system.
53) Out-of-bounds write (CVE-ID: CVE-2022-32599)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a logic error within the RPMB (Replay Protected Memory Block) driver. A local privileged application can execute arbitrary code.
54) Improper Validation of Array Index (CVE-ID: CVE-2022-33302)
The vulnerability allows a local attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in User Identity Module. A local attacker can execute arbitrary code.
55) Improper Validation of Array Index (CVE-ID: CVE-2022-33289)
The vulnerability allows a local attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Modem. A local attacker can execute arbitrary code.
56) Buffer overflow (CVE-ID: CVE-2022-33288)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.
57) Input validation error (CVE-ID: CVE-2021-0878)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
58) Input validation error (CVE-ID: CVE-2021-0875)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
59) Out-of-bounds write (CVE-ID: CVE-2022-47337)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the Media service in Android. A local application can read and manipulate data.
60) Out-of-bounds write (CVE-ID: CVE-2023-20657)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within mtee. A local privileged application can execute arbitrary code.
61) Information exposure (CVE-ID: CVE-2022-47338)
The vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to a missing permission check within the email service in Android. A local application can read and manipulate data.
62) Buffer overflow (CVE-ID: CVE-2022-47336)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing permission check within the Telecom service in Android. A local privileged application can execute arbitrary code.
63) Buffer overflow (CVE-ID: CVE-2022-47335)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing permission check within the Telecom service in Android. A local privileged application can execute arbitrary code.
64) Buffer over-read (CVE-ID: CVE-2022-40503)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in the Bluetooth Host. A remote attacker can read and manipulate data.
65) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2022-33270)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.
66) Integer underflow (CVE-ID: CVE-2023-21630)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Multimedia Framework. A local application can execute arbitrary code.
67) Integer overflow (CVE-ID: CVE-2022-33269)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.
68) Improper input validation (CVE-ID: CVE-2023-20653)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can execute arbitrary code.
69) Input validation error (CVE-ID: CVE-2021-0876)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
70) Improper input validation (CVE-ID: CVE-2023-20652)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can execute arbitrary code.
71) Improper input validation (CVE-ID: CVE-2023-20654)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can execute arbitrary code.
72) Write-what-where Condition (CVE-ID: CVE-2023-20656)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a logic error within geniezone. A local privileged application can execute arbitrary code.
73) Buffer overflow (CVE-ID: CVE-2023-20941)
The vulnerability allows a local application to execute arbitrary code with elevated privileges.
The vulnerability exists due to a boundary error in drivers/usb/gadget/function/f_accessory.c. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
74) Use-after-free (CVE-ID: CVE-2022-4696)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in io_uring and the IORING_OP_SPLICE operation. A local user can trigger a use-after-free error and escalate privileges on the system.
75) Input validation error (CVE-ID: CVE-2021-0885)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
76) Input validation error (CVE-ID: CVE-2021-0872)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient input validation within PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Remediation
Install the update from the vendor's website.
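A practitioner will want to confirm that the update actually landed rather than trust the OTA notification. The helper below is added here as an example and is not part of the bulletin. It reads the platform security patch level over adb and compares it with the level assumed to carry this bulletin's fixes (2023-05-01, Samsung's May 2023 SMR; confirm the exact level for your model in the vendor's release notes).

```python
import subprocess
from datetime import date

# Assumed patch level carrying this bulletin's fixes (Samsung's May 2023 SMR);
# verify against the vendor's release notes for the exact model and firmware.
REQUIRED_PATCH_LEVEL = date(2023, 5, 1)

def parse_patch_level(value):
    """Parse the 'YYYY-MM-DD' string from ro.build.version.security_patch.
    Returns None for an empty or malformed value instead of raising."""
    try:
        year, month, day = (int(part) for part in value.strip().split("-"))
        return date(year, month, day)
    except ValueError:
        return None

def is_patched(getprop_output, required=REQUIRED_PATCH_LEVEL):
    """True only when the reported level parses and is at or after the
    required one. A malformed value is treated as unpatched, not unknown."""
    level = parse_patch_level(getprop_output)
    return level is not None and level >= required

def device_patch_status(serial=None):
    """Query an attached device. Requires adb in PATH and USB debugging
    enabled; this is the only part that talks to hardware."""
    cmd = ["adb"] + (["-s", serial] if serial else [])
    cmd += ["shell", "getprop", "ro.build.version.security_patch"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_patch_level(out), is_patched(out)

if __name__ == "__main__":
    level, ok = device_patch_status()
    print("security patch level %s: %s" % (level, "OK" if ok else "UPDATE REQUIRED"))
```

The patch level only tells you the platform and kernel fixes are present. Items 25 through 27 live in the Shannon baseband and items 18, 29, 35 and 36 in TrustZone trustlets; those ship in the same firmware package, so also check the baseband (`getprop gsm.version.baseband`) and the build fingerprint against the release the vendor lists as carrying the May 2023 SMR.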