Multiple vulnerabilities in Samsung Mobile Firmware
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 52 |
| CVE-ID | CVE-2023-21121 CVE-2023-21126 CVE-2023-21128 CVE-2023-21129 CVE-2023-21131 CVE-2023-21139 CVE-2023-21105 CVE-2023-21136 CVE-2023-21137 CVE-2023-21143 CVE-2023-21115 CVE-2023-21122 CVE-2022-47488 CVE-2023-21123 CVE-2023-21124 CVE-2023-21135 CVE-2023-21138 CVE-2023-21095 CVE-2023-21141 CVE-2023-21142 CVE-2023-21144 CVE-2023-21513 CVE-2023-21517 CVE-2023-21512 CVE-2023-0266 CVE-2022-47486 CVE-2023-21127 CVE-2023-20698 CVE-2023-21108 CVE-2023-21130 CVE-2023-26085 CVE-2022-46396 CVE-2022-46891 CVE-2022-46395 CVE-2022-46394 CVE-2021-0877 CVE-2023-21102 CVE-2023-21106 CVE-2023-20697 CVE-2023-20726 CVE-2022-47470 CVE-2023-20694 CVE-2023-20695 CVE-2023-20696 CVE-2023-21665 CVE-2023-21666 CVE-2022-40508 CVE-2022-40504 CVE-2022-34144 CVE-2022-33305 CVE-2022-47487 CVE-2022-47469 |
| CWE-ID | CWE-20 CWE-200 CWE-119 CWE-269 CWE-787 CWE-284 CWE-416 CWE-121 CWE-125 CWE-254 CWE-415 CWE-704 CWE-401 CWE-617 CWE-476 CWE-120 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #25 is being exploited in the wild. |
| Vulnerable software |
Samsung Mobile Firmware Mobile applications / Mobile firmware & hardware |
| Vendor | Samsung |
Security Bulletin
This security bulletin contains information about 52 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU76957
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21121
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU76945
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21126
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU76946
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21128
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU76947
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21129
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU76948
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21131
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper input validation
EUVDB-ID: #VU76949
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21139
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information exposure
EUVDB-ID: #VU76950
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21105
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU76951
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21136
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper input validation
EUVDB-ID: #VU76952
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21137
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper input validation
EUVDB-ID: #VU76953
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21143
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU76956
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21115
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper input validation
EUVDB-ID: #VU76958
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21122
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory corruption
EUVDB-ID: #VU75873
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47488
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to damange or delete data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the spipe drive in Kernel. A local application can damange or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper input validation
EUVDB-ID: #VU76959
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21123
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper input validation
EUVDB-ID: #VU76960
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21124
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper input validation
EUVDB-ID: #VU76961
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21135
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper input validation
EUVDB-ID: #VU76962
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21138
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Information exposure
EUVDB-ID: #VU76963
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21095
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Information exposure
EUVDB-ID: #VU76964
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21141
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Information exposure
EUVDB-ID: #VU76965
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21142
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper input validation
EUVDB-ID: #VU76966
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21144
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the System component. A local application can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper Privilege Management
EUVDB-ID: #VU76975
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21513
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the device.
The vulnerability exists due to improper privilege management in CC Mode. An attacker with physical access to device can escalate privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds write
EUVDB-ID: #VU76976
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21517
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Exynos baseband. A remote attacker with physical proximity to device can trigger an out-of-bounds write and execute arbitrary code on the target device.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper access control
EUVDB-ID: #VU76977
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21512
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to gain access to sensitive information.
The vulnerability exists due to improper Knox ID validation logic in notification framework. A malicious application can read work profile notifications without proper access permission.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU71482
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-0266
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_ctl_elem_read() function in the Linux kernel sound subsystem. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
26) Stack-based buffer overflow
EUVDB-ID: #VU75871
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47486
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to compromise the affected device.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the ext4fsfilter driver in Kernel. A local privileged application can compromise the affected device.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU76944
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21127
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper input validation
EUVDB-ID: #VU75748
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20698
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper input validation
EUVDB-ID: #VU76954
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21108
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU76955
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21130
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Buffer overflow
EUVDB-ID: #VU76227
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-26085
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Arm NNAPI driver. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU74393
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-46396
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU74387
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-46891
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU74388
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-46395
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU74389
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-46394
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Buffer overflow
EUVDB-ID: #VU76226
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-0877
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in PowerVR-GPU. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Security features bypass
EUVDB-ID: #VU76224
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21102
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists die to a logic error within the __efi_rt_asm_wrapper() function in efi-rt-wrapper.S. A local application can bypass the shadow stack protection and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Double Free
EUVDB-ID: #VU76225
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21106
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the adreno_set_param() function in adreno_gpu.c. A local application can trigger a double free error and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Improper input validation
EUVDB-ID: #VU75747
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20697
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to a missing bounds check within keyinstall. A local privileged application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper Access Control
EUVDB-ID: #VU75743
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20726
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a missing permission check within mnld. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Stack-based buffer overflow
EUVDB-ID: #VU75870
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47470
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to compromise the affected device.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the ext4fsfilter driver in Kernel. A local privileged application can compromise the affected device.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper input validation
EUVDB-ID: #VU75744
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20694
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within preloader. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Improper input validation
EUVDB-ID: #VU75745
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20695
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within preloader. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper input validation
EUVDB-ID: #VU75746
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-20696
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within preloader. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Type conversion
EUVDB-ID: #VU75621
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21665
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Memory leak
EUVDB-ID: #VU75622
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21666
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Graphics. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Reachable Assertion
EUVDB-ID: #VU75618
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-40508
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Reachable Assertion
EUVDB-ID: #VU75616
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-40504
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Reachable Assertion
EUVDB-ID: #VU75615
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-34144
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL Pointer Dereference
EUVDB-ID: #VU75614
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-33305
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Modem. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Buffer overflow
EUVDB-ID: #VU75872
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47487
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the thermal service in Android. A remote attacker can trick the victim to open a specially crafted file and read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Out-of-bounds write
EUVDB-ID: #VU75869
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47469
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to compromise the affected device.
The vulnerability exists due to a possible out of bounds read due to a missing bounds check within the ext4fsfilter driver in Kernel. A local privileged application can compromise the affected device.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JUN-2023
CPE2.3 External linkshttp://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
