Samsung Android vulnerabilities

448 known vulnerabilities affecting samsung/android.

Total CVEs: 448
CISA KEV: 12 (actively exploited)
Public exploits: 0
Exploited in wild: 10
Severity breakdown: CRITICAL 9, HIGH 160, MEDIUM 218, LOW 61

Vulnerabilities

Page 3 of 23
CVE-2025-21048 | HIGH | CVSS 7.8 | v13.0, v14.0, +2 more | 2025-10-10
CVE-2025-21048 [HIGH] CWE-22: Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.
nvd
CVE-2025-21051 | HIGH | CVSS 7.8 | v13.0, v14.0, +2 more | 2025-10-10
CVE-2025-21051 [HIGH] CWE-787: Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.
nvd
CVE-2025-21050 | MEDIUM | CVSS 5.5 | v13.0, v14.0, +1 more | 2025-10-10
CVE-2025-21050 [MEDIUM]: Improper input validation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.
nvd
CVE-2025-21044 | MEDIUM | CVSS 4.4 | v13.0, v14.0, +2 more | 2025-10-10
CVE-2025-21044 [MEDIUM] CWE-787: Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
nvd
CVE-2025-21054 | MEDIUM | CVSS 5.5 | v13.0, v14.0, +2 more | 2025-10-10
CVE-2025-21054 [MEDIUM] CWE-125: Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory.
nvd
CVE-2025-21047 | MEDIUM | CVSS 6.8 | v14.0, v15.0, +1 more | 2025-10-10
CVE-2025-21047 [MEDIUM]: Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.
nvd
CVE-2025-21049 | MEDIUM | CVSS 5.5 | v15.0, v16.0 | 2025-10-10
CVE-2025-21049 [MEDIUM]: Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-21046 | LOW | CVSS 2.4 | v13.0, v14.0, +1 more | 2025-10-10
CVE-2025-21046 [LOW]: Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access the recent app list.
nvd
CVE-2025-21042 | CRITICAL | CVSS 9.8 | KEV | v13.0, v14.0, +1 more | 2025-09-12
CVE-2025-21042 [CRITICAL] CWE-787: Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
nvd
CVE-2025-21043 | CRITICAL | CVSS 9.8 | KEV | v13.0, v14.0, +2 more | 2025-09-12
CVE-2025-21043 [CRITICAL] CWE-787: Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
nvd
CVE-2023-21474 | HIGH | CVSS 7.1 | v11.0, v12.0, +1 more | 2025-09-03
CVE-2023-21474 [HIGH]: Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.
nvd
CVE-2025-21034 | HIGH | CVSS 7.8 | v13.0, v14.0, +2 more | 2025-09-03
CVE-2025-21034 [HIGH] CWE-787: Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
nvd
CVE-2023-21468 | HIGH | CVSS 7.8 | v11.0, v12.0, +1 more | 2025-09-03
CVE-2023-21468 [HIGH]: Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.
nvd
CVE-2023-21480 | HIGH | CVSS 7.8 | v11.0, v12.0, +1 more | 2025-09-03
CVE-2023-21480 [HIGH]: Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.
nvd
CVE-2023-21475 | HIGH | CVSS 7.8 | v11.0, v12.0, +1 more | 2025-09-03
CVE-2023-21475 [HIGH] CWE-787: Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
nvd
CVE-2023-21476 | HIGH | CVSS 7.8 | v11.0, v12.0, +1 more | 2025-09-03
CVE-2023-21476 [HIGH] CWE-787: Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
nvd
CVE-2025-21027 | MEDIUM | CVSS 4.4 | v13.0, v14.0, +2 more | 2025-09-03
CVE-2025-21027 [MEDIUM]: Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM.
nvd
CVE-2023-21479 | MEDIUM | CVSS 5.3 | v13.0 | 2025-09-03
CVE-2023-21479 [MEDIUM]: Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.
nvd
CVE-2025-21031 | MEDIUM | CVSS 6.8 | v13.0, v14.0, +2 more | 2025-09-03
CVE-2025-21031 [MEDIUM] CWE-284: Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
nvd
CVE-2023-21473 | MEDIUM | CVSS 6.8 | v11.0, v12.0, +1 more | 2025-09-03
CVE-2023-21473 [MEDIUM] CWE-20: Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
nvd