Samsung Android vulnerabilities

CVE-2026-20972 [MEDIUM] CVE-2026-20972: Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.

CVE-2026-20970 [MEDIUM] CVE-2026-20970: Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execu Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.

CVE-2026-20974 [MEDIUM] CVE-2026-20974: Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 al Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.

CVE-2026-20968 [MEDIUM] CWE-416 CVE-2026-20968: Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execu Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.

CVE-2026-20969 [LOW] CVE-2026-20969: Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to ac Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.

CVE-2025-58479 [MEDIUM] CWE-125 CVE-2025-58479: Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-58478 [MEDIUM] CWE-787 CVE-2025-58478: Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attacker Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-21080 [MEDIUM] CVE-2025-21080: Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Releas Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.

CVE-2025-58480 [MEDIUM] CWE-787 CVE-2025-58480: Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote a Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-21072 [MEDIUM] CWE-787 CVE-2025-21072: Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 all Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

CVE-2025-58476 [MEDIUM] CWE-125 CVE-2025-58476: Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attac Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.

CVE-2025-58475 [MEDIUM] CVE-2025-58475: Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged a Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

CVE-2025-58477 [MEDIUM] CWE-787 CVE-2025-58477: Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 all Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-21075 [MEDIUM] CWE-787 CVE-2025-21075: Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attacker Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-21074 [MEDIUM] CWE-125 CVE-2025-21074: Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.

CVE-2025-21073 [MEDIUM] CVE-2025-21073: Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privile Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.

CVE-2025-21071 [MEDIUM] CWE-787 CVE-2025-21071: Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allow Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

CVE-2025-21053 [MEDIUM] CWE-787 CVE-2025-21053: Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Rele Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.

CVE-2025-21052 [MEDIUM] CWE-787 CVE-2025-21052: Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so pr Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.

CVE-2025-21055 [MEDIUM] CWE-125 CVE-2025-21055: Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.