Samsung Mobile Devices vulnerabilities

CVE-2023-21517 [CRITICAL] CWE-120 CVE-2023-21517: Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remo Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.

CVE-2023-21513 [MEDIUM] CWE-269 CVE-2023-21513: Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physic Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.

CVE-2023-21512 [LOW] CWE-269 CVE-2023-21512: Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows l Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.

CVE-2023-21494 [CRITICAL] CWE-20 CVE-2023-21494: Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

CVE-2023-21503 [CRITICAL] CWE-20 CVE-2023-21503: Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to S Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

CVE-2023-21504 [CRITICAL] CWE-20 CVE-2023-21504: Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR Ma Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

CVE-2023-21502 [HIGH] CWE-20 CVE-2023-21502: Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 a Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.

CVE-2023-21499 [HIGH] CWE-787 CVE-2023-21499: Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

CVE-2023-21490 [HIGH] CWE-284 CVE-2023-21490: Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker t Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.

CVE-2023-21498 [HIGH] CWE-20 CVE-2023-21498: Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-20 Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.

CVE-2023-21484 [HIGH] CWE-287 CVE-2023-21484: Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attack Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.

CVE-2023-21488 [HIGH] CWE-284 CVE-2023-21488: Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attacker Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.

CVE-2023-21497 [HIGH] CWE-134 CVE-2023-21497: Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.

CVE-2023-21491 [HIGH] CWE-284 CVE-2023-21491: Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local a Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.

CVE-2023-21501 [HIGH] CWE-20 CVE-2023-21501: Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 all Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

CVE-2023-21489 [MEDIUM] CWE-787 CVE-2023-21489: Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physic Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.

CVE-2023-21492 [MEDIUM] CWE-532 CVE-2023-21492: Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged loca Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

CVE-2023-21486 [MEDIUM] CWE-926 CVE-2023-21486: Improper export of android application components vulnerability in ImagePreviewActivity in Call Sett Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

CVE-2023-21485 [MEDIUM] CWE-926 CVE-2023-21485: Improper export of android application components vulnerability in VideoPreviewActivity in Call Sett Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

CVE-2023-21493 [MEDIUM] CWE-284 CVE-2023-21493: Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.