Samsung Android vulnerabilities
448 known vulnerabilities affecting samsung/android.
Total CVEs: 448
CISA KEV: 12 (actively exploited)
Public exploits: 0
Exploited in wild: 10
Severity breakdown: CRITICAL 9, HIGH 160, MEDIUM 218, LOW 61
Vulnerabilities
Page 7 of 23
CVE-2025-20903 | HIGH | CVSS 7.3 | v12.0, v13.0, +2 more | 2025-03-06
Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20909 | MEDIUM | CVSS 5.5 | v14.0 | 2025-03-06
Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.
nvd
CVE-2025-20908 | MEDIUM | CVSS 6.5 | v14.0, v15.0 | 2025-03-06
Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting.
nvd
CVE-2025-20882 | HIGH | CVSS 7.8 | CWE-787 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20881 | HIGH | CVSS 7.8 | CWE-787 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20890 | HIGH | CVSS 7.8 | CWE-787 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20888 | HIGH | CVSS 7.8 | CWE-787 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20889 | MEDIUM | CVSS 5.5 | CWE-787 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20883 | MEDIUM | CVSS 4.6 | v12.0, v13.0, +1 more | 2025-02-04
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
nvd
CVE-2025-20905 | MEDIUM | CVSS 6.7 | CWE-125 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.
nvd
CVE-2025-20907 | MEDIUM | CVSS 4.4 | v12.0, v13.0, +1 more | 2025-02-04
Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
nvd
CVE-2025-20885 | MEDIUM | CVSS 6.7 | CWE-787 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
nvd
CVE-2025-20904 | MEDIUM | CVSS 6.7 | CWE-787 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
nvd
CVE-2025-20892 | MEDIUM | CVSS 5.9 | v13.0, v14.0 | 2025-02-04
Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20893 | MEDIUM | CVSS 5.1 | v14.0 | 2025-02-04
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.
nvd
CVE-2025-20891 | MEDIUM | CVSS 5.5 | CWE-125 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20887 | MEDIUM | CVSS 5.5 | CWE-125 | v12.0, v13.0, +1 more | 2025-02-04
Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
nvd
CVE-2025-20884 | MEDIUM | CVSS 4.6 | v12.0, v13.0, +1 more | 2025-02-04
Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
nvd
CVE-2025-20886 | MEDIUM | CVSS 4.4 | CWE-922 | v12.0, v13.0, +1 more | 2025-02-04
Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
nvd
CVE-2024-49422 | LOW | CVSS 3.9 | v13.0 | 2024-12-31
Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability.
nvd