Samsung Android vulnerabilities

CVE-2024-20897 [MEDIUM] CVE-2024-20897: Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2 Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

CVE-2024-34590 [MEDIUM] CVE-2024-34590: Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Ju Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

CVE-2024-20900 [LOW] CWE-287 CVE-2024-20900: Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.

CVE-2024-34586 [LOW] CVE-2024-34586: Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local att Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.

CVE-2024-34583 [LOW] CVE-2024-34583: Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.

CVE-2024-20879 [HIGH] CVE-2024-20879: Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows loca Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to write out-of-bounds memory.

CVE-2024-20884 [HIGH] CVE-2024-20884: Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prio Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API.

CVE-2024-20883 [HIGH] CVE-2024-20883: Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API.

CVE-2024-20876 [HIGH] CVE-2024-20876: Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release 1 allows local atta Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release 1 allows local attackers to lead to memory corruption.

CVE-2024-20874 [HIGH] CVE-2024-20874: Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities.

CVE-2024-20878 [HIGH] CWE-787 CVE-2024-20878: Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.

CVE-2024-20877 [HIGH] CWE-787 CVE-2024-20877: Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.

CVE-2024-20875 [MEDIUM] CVE-2024-20875: Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows l Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows local attackers to access arbitrary files.

CVE-2024-20882 [MEDIUM] CWE-125 CVE-2024-20882: Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical atta Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.

CVE-2024-20880 [MEDIUM] CWE-787 CVE-2024-20880: Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physi Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory.

CVE-2024-20873 [MEDIUM] CWE-787 CVE-2024-20873: Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows loc Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.

CVE-2024-20881 [MEDIUM] CVE-2024-20881: Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers lead to potential arbitrary code execution.

CVE-2024-20885 [LOW] CVE-2024-20885: Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission.

CVE-2024-20864 [MEDIUM] CVE-2024-20864: Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows lo Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.

CVE-2024-20862 [MEDIUM] CWE-787 CVE-2024-20862: Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.