Samsung Android vulnerabilities

CVE-2023-30656 [HIGH] CWE-20 CVE-2023-30656: Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attack Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.

CVE-2023-30651 [HIGH] CWE-787 CVE-2023-30651: Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Releas Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

CVE-2023-30655 [HIGH] CWE-20 CVE-2023-30655: Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

CVE-2023-30652 [HIGH] CWE-787 CVE-2023-30652: Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Re Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

CVE-2023-30659 [HIGH] CWE-20 CVE-2023-30659: Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

CVE-2023-30645 [HIGH] CWE-787 CVE-2023-30645: Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

CVE-2023-30657 [HIGH] CWE-20 CVE-2023-30657: Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

CVE-2023-30649 [HIGH] CWE-787 CVE-2023-30649: Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allo Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

CVE-2023-30663 [HIGH] CWE-20 CVE-2023-30663: Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul- Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

CVE-2023-30643 [HIGH] CWE-306 CVE-2023-30643: Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.

CVE-2023-30646 [HIGH] CWE-787 CVE-2023-30646: Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

CVE-2023-30666 [HIGH] CWE-787 CVE-2023-30666: Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

CVE-2023-30658 [HIGH] CWE-20 CVE-2023-30658: Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

CVE-2023-30670 [HIGH] CWE-787 CVE-2023-30670: Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

CVE-2023-30642 [MEDIUM] CWE-269 CVE-2023-30642: Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.

CVE-2023-30661 [MEDIUM] CVE-2023-30661: Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SM Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

CVE-2023-30671 [MEDIUM] CVE-2023-30671: Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local att Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.

CVE-2023-30648 [MEDIUM] CWE-787 CVE-2023-30648: Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Rel Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.

CVE-2023-30662 [MEDIUM] CVE-2023-30662: Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

CVE-2023-30665 [MEDIUM] CWE-125 CVE-2023-30665: Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Rele Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.