Samsung Android vulnerabilities

CVE-2024-20858 [MEDIUM] CVE-2024-20858: Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

CVE-2024-20859 [MEDIUM] CVE-2024-20859: Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.

CVE-2024-20863 [MEDIUM] CWE-787 CVE-2024-20863: Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privil Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

CVE-2024-20866 [MEDIUM] CVE-2024-20866: Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical a Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.

CVE-2024-20865 [MEDIUM] CVE-2024-20865: Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to fla Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.

CVE-2024-20856 [MEDIUM] CWE-287 CVE-2024-20856: Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physic Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.

CVE-2024-20861 [MEDIUM] CWE-416 CVE-2024-20861: Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged a Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.

CVE-2024-20857 [MEDIUM] CVE-2024-20857: Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

CVE-2024-20872 [LOW] CVE-2024-20872: Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.

CVE-2024-20860 [LOW] CVE-2024-20860: Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission.

CVE-2024-20855 [LOW] CVE-2024-20855: Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allo Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.

CVE-2024-20844 [HIGH] CWE-787 CVE-2024-20844: Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

CVE-2024-20845 [HIGH] CWE-787 CVE-2024-20845: Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Relea Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

CVE-2024-20849 [HIGH] CWE-787 CVE-2024-20849: Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Ap Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code.

CVE-2024-20846 [HIGH] CWE-787 CVE-2024-20846: Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

CVE-2024-20848 [HIGH] CWE-787 CVE-2024-20848: Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory.

CVE-2024-20843 [MEDIUM] CWE-787 CVE-2024-20843: Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-202 Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code.

CVE-2024-20842 [MEDIUM] CWE-787 CVE-2024-20842: Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.

CVE-2024-20847 [LOW] CVE-2024-20847: Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allow Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.

CVE-2023-52432 [HIGH] CWE-787 CVE-2023-52432: Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 a Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.