Samsung Android vulnerabilities

CVE-2025-20964 [HIGH] CWE-787 CVE-2025-20964: Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows lo Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

CVE-2025-20954 [MEDIUM] CVE-2025-20954: Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 a Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.

CVE-2025-20955 [MEDIUM] CVE-2025-20955: Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR M Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.

CVE-2025-20961 [MEDIUM] CVE-2025-20961: Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.

CVE-2025-20937 [MEDIUM] CWE-787 CVE-2025-20937: Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged at Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

CVE-2025-20958 [MEDIUM] CVE-2025-20958: Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.

CVE-2025-20959 [MEDIUM] CVE-2025-20959: Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Releas Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.

CVE-2025-20962 [MEDIUM] CVE-2025-20962: Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.

CVE-2025-20953 [MEDIUM] CVE-2025-20953: Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.

CVE-2025-20960 [LOW] CVE-2025-20960: Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 a Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.

CVE-2025-20952 [MEDIUM] CVE-2025-20952: Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to acc Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.

CVE-2025-20936 [HIGH] CVE-2025-20936: Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.

CVE-2025-20944 [HIGH] CWE-125 CVE-2025-20944: Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows loca Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory.

CVE-2025-20948 [HIGH] CWE-125 CVE-2025-20948: Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allo Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.

CVE-2025-20942 [MEDIUM] CVE-2025-20942: Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Relea Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID.

CVE-2025-20947 [MEDIUM] CVE-2025-20947: Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability.

CVE-2025-20934 [MEDIUM] CWE-926 CVE-2025-20934: Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

CVE-2025-20943 [MEDIUM] CWE-787 CVE-2025-20943: Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attack Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption.

CVE-2025-20938 [MEDIUM] CVE-2025-20938: Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts.

CVE-2025-20941 [LOW] CVE-2025-20941: Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access t Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device.