Samsung Android vulnerabilities
448 known vulnerabilities affecting samsung/android.
Total CVEs: 448
CISA KEV: 12 (actively exploited)
Public exploits: 0
Exploited in wild: 10
Severity breakdown
CRITICAL 9, HIGH 160, MEDIUM 218, LOW 61
Vulnerabilities
CVE-2024-20803 | MEDIUM | CVSS 6.5 | CWE-287 | v11.0, v12.0, +2 more | 2024-01-04
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.
nvd
CVE-2024-20804 | MEDIUM | CVSS 5.5 | CWE-22 | v11.0, v12.0 | 2024-01-04
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
nvd
CVE-2023-42562 | HIGH | CVSS 7.8 | CWE-190 | ≥ 12.0, < 14.0; v14.0 | 2023-12-05
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
nvd
CVE-2023-42560 | HIGH | CVSS 7.8 | CWE-787 | ≥ 11.0, < 14.0; v14.0 | 2023-12-05
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
nvd
CVE-2023-42563 | HIGH | CVSS 7.8 | CWE-190 | ≥ 12.0, < 14.0; v14.0 | 2023-12-05
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
nvd
CVE-2023-42558 | HIGH | CVSS 7.8 | CWE-787 | v13.0 | 2023-12-05
Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.
nvd
CVE-2023-42566 | HIGH | CVSS 7.8 | CWE-787 | ≥ 11.0, < 14.0; v14.0 | 2023-12-05
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
nvd
CVE-2023-42567 | HIGH | CVSS 7.8 | CWE-787 | v14.0 | 2023-12-05
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
nvd
CVE-2023-42556 | MEDIUM | CVSS 5.5 | ≥ 11.0, < 14.0; v14.0 | 2023-12-05
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.
nvd
CVE-2023-42557 | MEDIUM | CVSS 6.7 | CWE-787 | ≥ 12.0, < 14.0; v14.0 | 2023-12-05
Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.
nvd
CVE-2023-42559 | MEDIUM | CVSS 5.2 | CWE-755 | ≥ 11.0, < 14.0; v14.0 | 2023-12-05
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
nvd
CVE-2023-42568 | MEDIUM | CVSS 4.4 | ≥ 12.0, < 13.0; v13.0 | 2023-12-05
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.
nvd
CVE-2023-42565 | MEDIUM | CVSS 6.7 | ≥ 13.0, < 14.0; v14.0 | 2023-12-05
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
nvd
CVE-2023-42561 | MEDIUM | CVSS 6.8 | CWE-787 | ≥ 11.0, < 14.0; v14.0 | 2023-12-05
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
nvd
CVE-2023-42564 | MEDIUM | CVSS 5.5 | ≥ 12.0, < 14.0; v14.0 | 2023-12-05
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.
nvd
CVE-2023-42570 | LOW | CVSS 3.3 | ≥ 11.0, < 14.0; v14.0 | 2023-12-05
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
nvd
CVE-2023-42569 | LOW | CVSS 3.3 | CWE-863 | ≥ 11.0, < 13.0; v13.0 | 2023-12-05
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
nvd
CVE-2023-42531 | HIGH | CVSS 7.1 | CWE-287 | v11.0, v12.0, +1 more | 2023-11-07
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release 1 allows local attackers to bypass restrictions on starting activities from the background.
nvd
CVE-2023-42529 | HIGH | CVSS 7.8 | CWE-787 | v11.0, v12.0, +1 more | 2023-11-07
Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.
nvd
CVE-2023-42532 | HIGH | CVSS 7.5 | CWE-295 | v11.0, v12.0, +1 more | 2023-11-07
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release 1 allows remote attacker to intercept the network traffic including Firmware information.
nvd