Multiple vulnerabilities in Samsung Mobile Firmware
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 81 |
| CVE-ID | CVE-2022-48454 CVE-2024-0018 CVE-2024-0015 CVE-2023-21245 CVE-2023-32818 CVE-2022-48456 CVE-2022-48461 CVE-2022-48455 CVE-2022-48459 CVE-2024-0019 CVE-2022-48458 CVE-2022-48457 CVE-2023-45779 CVE-2023-33087 CVE-2023-33053 CVE-2023-33063 CVE-2023-33106 CVE-2023-33107 CVE-2024-0023 CVE-2024-0021 CVE-2023-33079 CVE-2023-32843 CVE-2024-20803 CVE-2024-20804 CVE-2024-20805 CVE-2024-20802 CVE-2024-20806 CVE-2023-5129 CVE-2023-4863 CVE-2023-32845 CVE-2023-32841 CVE-2023-35671 CVE-2023-32846 CVE-2023-32844 CVE-2023-32842 CVE-2023-40120 CVE-2023-21266 CVE-2024-0020 CVE-2024-0017 CVE-2024-0016 CVE-2023-33092 CVE-2023-33097 CVE-2022-40507 CVE-2023-21164 CVE-2023-35690 CVE-2023-21263 CVE-2023-21402 CVE-2023-21401 CVE-2023-21217 CVE-2023-21162 CVE-2023-21163 CVE-2023-21166 CVE-2023-32847 CVE-2023-21218 CVE-2023-21216 CVE-2023-21228 CVE-2023-21227 CVE-2023-21215 CVE-2023-3889 CVE-2023-32804 CVE-2023-4272 CVE-2023-21403 CVE-2023-32848 CVE-2023-33080 CVE-2023-33054 CVE-2023-33088 CVE-2023-33098 CVE-2023-33089 CVE-2023-33081 CVE-2023-33018 CVE-2023-28551 CVE-2023-28550 CVE-2023-33022 CVE-2023-32851 CVE-2023-28586 CVE-2023-28585 CVE-2023-28546 CVE-2023-33017 CVE-2023-21662 CVE-2023-21664 CVE-2023-21652 CVE-2022-22076 |
| CWE-ID | CWE-120 CWE-20 CWE-697 CWE-119 CWE-121 CWE-732 CWE-200 CWE-129 CWE-416 CWE-823 CWE-190 CWE-617 CWE-287 CWE-22 CWE-284 CWE-122 CWE-126 CWE-415 CWE-787 CWE-476 CWE-131 CWE-320 CWE-310 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #13 is available. Vulnerability #16 is being exploited in the wild. Vulnerability #17 is being exploited in the wild. Vulnerability #18 is being exploited in the wild. Vulnerability #28 is being exploited in the wild. Public exploit code for vulnerability #31 is available. |
| Vulnerable software Subscribe |
Samsung Mobile Firmware Mobile applications / Mobile firmware & hardware |
| Vendor | Samsung |
Security Bulletin
This security bulletin contains information about 81 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU83759
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48454
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU84957
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0018
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Media Codecs component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU84956
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2024-0015
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Improper input validation
EUVDB-ID: #VU77973
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21245
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Incorrect Comparison
EUVDB-ID: #VU82803
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32818
CWE-ID:
CWE-697 - Incorrect Comparison
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to type confusion within vdec. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU83761
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48456
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a incorrect bounds check within the camera driver in Kernel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Stack-based buffer overflow
EUVDB-ID: #VU83765
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48461
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the sensor driver in Kernel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU83760
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48455
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a possible out of bounds write due to a missing bounds check within the wifi service in Android. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Incorrect Permission Assignment for Critical Resource
EUVDB-ID: #VU83764
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48459
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information exposure
EUVDB-ID: #VU84959
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0019
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Incorrect Permission Assignment for Critical Resource
EUVDB-ID: #VU83763
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48458
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Incorrect Permission Assignment for Critical Resource
EUVDB-ID: #VU83762
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48457
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local application to crash the entire system.
The vulnerability exists due to a possible system crash due to improper input validation within the TeleService in Android. A local application can crash the entire system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Input validation error
EUVDB-ID: #VU83848
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-45779
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input within the System UI in Misc OEM components. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
14) Buffer overflow
EUVDB-ID: #VU83670
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33087
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper Validation of Array Index
EUVDB-ID: #VU83666
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33053
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Kernel. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free
EUVDB-ID: #VU81473
Risk: High
CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-33063
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error during a remote call from HLOS to DSP. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
17) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU81471
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-33106
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
18) Integer overflow
EUVDB-ID: #VU81472
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-33107
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow while assigning shared virtual memory region during IOCTL call. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
19) Improper input validation
EUVDB-ID: #VU84958
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0023
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper input validation
EUVDB-ID: #VU84960
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0021
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU83669
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33079
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Reachable Assertion
EUVDB-ID: #VU83815
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32843
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper error handling within 5G Modem. A local application can perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper Authentication
EUVDB-ID: #VU85081
Risk: Medium
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20803
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows an attacker to bypass authentication process.
The vulnerability exists due to an error in Bluetooth pairing process. An attacker with physical proximity to device can establish pairing process without user interaction.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Path traversal
EUVDB-ID: #VU85080
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20804
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences in FileUriConverter of MyFiles. A remote attacker can trick the victim to open a specially crafted archive and overwrite arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Path traversal
EUVDB-ID: #VU85079
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20805
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to input validation error when processing directory traversal sequences in ZipCompressor of MyFiles. A remote attacker can trick the victim to open a specially crafted archive and overwrite arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Improper access control
EUVDB-ID: #VU85078
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20802
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper access control
EUVDB-ID: #VU85077
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20806
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in Notification service. A local application can gain unauthorized access to potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Heap-based buffer overflow
EUVDB-ID: #VU80637
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-5129,CVE-2023-4863
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WebP images within libwebp library. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
29) Reachable Assertion
EUVDB-ID: #VU83817
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32845
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper error handling within 5G Modem. A local application can perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Reachable Assertion
EUVDB-ID: #VU83813
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32841
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper error handling within 5G Modem. A local application can perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Information exposure
EUVDB-ID: #VU80458
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-35671
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
32) Reachable Assertion
EUVDB-ID: #VU83818
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32846
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper error handling within 5G Modem. A local application can perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Reachable Assertion
EUVDB-ID: #VU83816
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32844
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper error handling within 5G Modem. A local application can perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Reachable Assertion
EUVDB-ID: #VU83814
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32842
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform service disruption.
The vulnerability exists due to improper error handling within 5G Modem. A local application can perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper input validation
EUVDB-ID: #VU81383
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-40120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper input validation
EUVDB-ID: #VU81381
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21266
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Information exposure
EUVDB-ID: #VU84964
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0020
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Information exposure
EUVDB-ID: #VU84963
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0017
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Information exposure
EUVDB-ID: #VU84962
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0016
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Buffer overflow
EUVDB-ID: #VU83671
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33092
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Bluetooth HOST. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Buffer over-read
EUVDB-ID: #VU83660
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33097
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Double Free
EUVDB-ID: #VU76853
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-40507
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Input validation error
EUVDB-ID: #VU83838
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21164
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Input validation error
EUVDB-ID: #VU83846
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35690
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Input validation error
EUVDB-ID: #VU83281
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21263
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an unspecified vulnerability in Linux kernel. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Input validation error
EUVDB-ID: #VU83844
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21402
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Input validation error
EUVDB-ID: #VU83280
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21401
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an unspecified vulnerability in Linux kernel. A local user can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Input validation error
EUVDB-ID: #VU83841
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21217
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Input validation error
EUVDB-ID: #VU83836
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21162
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Input validation error
EUVDB-ID: #VU83837
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21163
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Input validation error
EUVDB-ID: #VU83839
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21166
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Out-of-bounds write
EUVDB-ID: #VU83801
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32847
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within audio. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Input validation error
EUVDB-ID: #VU83842
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21218
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Use-after-free
EUVDB-ID: #VU83282
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21216
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in PowerVR GPU driver. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Input validation error
EUVDB-ID: #VU83843
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21228
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Input validation error
EUVDB-ID: #VU83847
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21227
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Input validation error
EUVDB-ID: #VU83840
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21215
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Use-after-free
EUVDB-ID: #VU83835
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3889
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error caused by improper GPU memory processing operations. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Buffer overflow
EUVDB-ID: #VU80048
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32804
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error in Mali GPU Userspace Driver. A local application can trigger memory corruption and execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Use-after-free
EUVDB-ID: #VU83834
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4272
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error. A local user can gain access to sensitive kernel data.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Input validation error
EUVDB-ID: #VU83845
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21403
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in PowerVR-GPU. A local application can execute arbitrary code with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Incorrect Comparison
EUVDB-ID: #VU83802
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32848
CWE-ID:
CWE-697 - Incorrect Comparison
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to type confusion within vdec. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Buffer over-read
EUVDB-ID: #VU83656
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33080
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improper Authentication
EUVDB-ID: #VU83655
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33054
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in GPS HLOS Driver. A remote attacker can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) NULL Pointer Dereference
EUVDB-ID: #VU83658
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33088
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN Firmware. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Buffer over-read
EUVDB-ID: #VU83661
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33098
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) NULL Pointer Dereference
EUVDB-ID: #VU83659
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33089
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Buffer over-read
EUVDB-ID: #VU83657
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33081
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN Firmware. A remote attacker can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Integer overflow
EUVDB-ID: #VU83650
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33018
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in User Identity Module. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Memory corruption
EUVDB-ID: #VU83645
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28551
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in UTILS. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Memory corruption
EUVDB-ID: #VU83644
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28550
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in MPP Performance. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Integer overflow
EUVDB-ID: #VU83651
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33022
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in HLOS. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Incorrect Calculation of Buffer Size
EUVDB-ID: #VU83804
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32851
CWE-ID:
CWE-131 - Incorrect Calculation of Buffer Size
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within decoder. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Memory corruption
EUVDB-ID: #VU83647
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28586
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to gain access to sensitive information.
The vulnerability exists due to improper input validation in TZ Secure OS. A local privileged application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Integer overflow
EUVDB-ID: #VU83646
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28585
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in TZ Secure OS. A local privileged application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Buffer overflow
EUVDB-ID: #VU83643
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28546
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in SPS Applications. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Buffer overflow
EUVDB-ID: #VU83649
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-33017
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Boot. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Buffer overflow
EUVDB-ID: #VU80362
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21662
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core Platform. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Buffer overflow
EUVDB-ID: #VU80363
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21664
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Core Platform. A local application can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Key Management Errors
EUVDB-ID: #VU79028
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-21652
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local application to read and manipulate data.
The vulnerability exists due to improper input validation in HLOS. A local application can read and manipulate data.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Cryptographic Issues
EUVDB-ID: #VU76858
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-22076
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation in Core. A local application can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsSamsung Mobile Firmware: before SMR-JAN-2024
CPE2.3http://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
