Samsung Android vulnerabilities

CVE-2024-20835 [HIGH] CVE-2024-20835: Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.

CVE-2024-20831 [MEDIUM] CWE-787 CVE-2024-20831: Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privilege Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

CVE-2024-20833 [MEDIUM] CWE-416 CVE-2024-20833: Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race cond Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.

CVE-2024-20836 [MEDIUM] CWE-125 CVE-2024-20836: Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Releas Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.

CVE-2024-20832 [MEDIUM] CWE-787 CVE-2024-20832: Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

CVE-2024-20830 [MEDIUM] CWE-276 CVE-2024-20830: Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to co Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.

CVE-2024-20834 [LOW] CVE-2024-20834: The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.

CVE-2024-20819 [HIGH] CWE-787 CVE-2024-20819: Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Relea Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

CVE-2024-20818 [HIGH] CWE-787 CVE-2024-20818: Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

CVE-2024-20817 [HIGH] CWE-787 CVE-2024-20817: Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

CVE-2024-20820 [HIGH] CWE-125 CVE-2024-20820: Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged atta Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.

CVE-2024-20813 [HIGH] CWE-787 CVE-2024-20813: Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local att Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

CVE-2024-20812 [HIGH] CWE-787 CVE-2024-20812: Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local att Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

CVE-2024-20815 [MEDIUM] CWE-287 CVE-2024-20815: Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Fe Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.

CVE-2024-20814 [MEDIUM] CWE-125 CVE-2024-20814: Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.

CVE-2024-20816 [MEDIUM] CWE-287 CVE-2024-20816: Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR F Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.

CVE-2024-20811 [LOW] CVE-2024-20811: Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.

CVE-2024-20810 [LOW] CWE-1021 CVE-2024-20810: Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.

CVE-2024-20806 [MEDIUM] CVE-2024-20806: Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacke Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.

CVE-2024-20805 [MEDIUM] CWE-22 CVE-2024-20805: Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.