Samsung Android vulnerabilities

448 known vulnerabilities affecting samsung/android.

Total CVEs: 448
CISA KEV: 12 (actively exploited)
Public exploits: 0
Exploited in wild: 10
Severity breakdown: CRITICAL 9, HIGH 160, MEDIUM 218, LOW 61

Vulnerabilities

Page 21 of 23
CVE-2023-21493 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +1 more | 2023-05-04
CWE-284: Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.
Source: NVD
CVE-2023-21492 | MEDIUM | CVSS 4.4 | KEV | v11.0, v12.0, +1 more | 2023-05-04
CWE-532: Kernel pointers printed in the log file prior to SMR May-2023 Release 1 allow a privileged local attacker to bypass ASLR.
Source: NVD
CVE-2023-21496 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +1 more | 2023-05-04
CWE-489: Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows an attacker to use a debug function by setting the debug level.
Source: NVD
CVE-2023-21500 | MEDIUM | CVSS 5.5 | v13.0 | 2023-05-04
CWE-415: Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.
Source: NVD
CVE-2023-21495 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +1 more | 2023-05-04
CWE-284: Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allows an attacker to install a KSP app when device admin is set.
Source: NVD
CVE-2023-21486 | MEDIUM | CVSS 4.6 | v11.0, v12.0, +1 more | 2023-05-04
CWE-926: Improper export of Android application components vulnerability in ImagePreviewActivity in Call Settings prior to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
Source: NVD
CVE-2023-21487 | LOW | CVSS 3.3 | v11.0, v12.0, +1 more | 2023-05-04
CWE-287: Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.
Source: NVD
CVE-2023-21459 | CRITICAL | CVSS 9.8 | v11.0, v12.0, +1 more | 2023-03-16
CWE-416: Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.
Source: NVD
CVE-2023-21457 | HIGH | CVSS 8.1 | v11.0, v12.0, +1 more | 2023-03-16
CWE-284: Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send a file via Bluetooth without the related permission.
Source: NVD
CVE-2023-21461 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +1 more | 2023-03-16
CWE-285: Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.
Source: NVD
CVE-2023-21453 | MEDIUM | CVSS 5.5 | v13.0 | 2023-03-16
CWE-20: Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data.
Source: NVD
CVE-2023-21449 | MEDIUM | CVSS 5.5 | v11.0, v12.0 | 2023-03-16
CWE-200: Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
Source: NVD
CVE-2023-21456 | MEDIUM | CVSS 5.5 | v11.0, v12.0, +1 more | 2023-03-16
CWE-22: Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows an attacker to access arbitrary files with system uid.
Source: NVD
CVE-2023-21460 | MEDIUM | CVSS 4.4 | v11.0, v12.0, +1 more | 2023-03-16
CWE-287: Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.
Source: NVD
CVE-2023-21458 | LOW | CVSS 3.3 | v11.0, v12.0, +1 more | 2023-03-16
CWE-269: Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.
Source: NVD
CVE-2023-21452 | LOW | CVSS 3.3 | v11.0, v12.0, +1 more | 2023-03-16
CWE-285: Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows an attacker to get the MAC address of a connected device.
Source: NVD
CVE-2023-21454 | LOW | CVSS 2.4 | v11.0, v12.0, +1 more | 2023-03-16
CWE-285: Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows a physical attacker to access the user's text history on the lockscreen.
Source: NVD
CVE-2023-21430 | HIGH | CVSS 7.8 | v10.0, v11.0, +2 more | 2023-02-09
CWE-125: An out-of-bounds read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows an attacker to cause memory access fault.
Source: NVD
CVE-2023-21451 | HIGH | CVSS 7.8 | v12.0 | 2023-02-09
CWE-20: A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.
Source: NVD
CVE-2023-21420 | HIGH | CVSS 7.8 | v10.0, v11.0 | 2023-02-09
CWE-134: Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
Source: NVD