Samsung Android vulnerabilities

CVE-2024-34641 [LOW] CVE-2024-34641: Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allo Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.

CVE-2024-34612 [HIGH] CWE-787 CVE-2024-34612: Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.

CVE-2024-34615 [HIGH] CWE-787 CVE-2024-34615: Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause mem Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.

CVE-2024-34614 [HIGH] CWE-787 CVE-2024-34614: Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute a Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.

CVE-2024-34620 [HIGH] CVE-2024-34620: Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attacker Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.

CVE-2024-34619 [HIGH] CVE-2024-34619: Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to ex Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

CVE-2024-34609 [MEDIUM] CVE-2024-34609: Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers t Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

CVE-2024-34606 [MEDIUM] CVE-2024-34606: Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

CVE-2024-34605 [MEDIUM] CVE-2024-34605: Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attacke Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

CVE-2024-34611 [MEDIUM] CVE-2024-34611: Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.

CVE-2024-34608 [MEDIUM] CVE-2024-34608: Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attack Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

CVE-2024-34604 [MEDIUM] CVE-2024-34604: Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

CVE-2024-34610 [MEDIUM] CVE-2024-34610: Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local atta Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.

CVE-2024-34607 [MEDIUM] CVE-2024-34607: Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attacker Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

CVE-2024-34616 [MEDIUM] CWE-276 CVE-2024-34616: Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 al Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.

CVE-2024-34617 [LOW] CWE-276 CVE-2024-34617: Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows loc Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.

CVE-2024-34618 [LOW] CVE-2024-34618: Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.

CVE-2024-34603 [MEDIUM] CVE-2024-34603: Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.

CVE-2024-34602 [MEDIUM] CVE-2024-34602: Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.

CVE-2024-34585 [HIGH] CVE-2024-34585: Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attack Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.