Samsung Mobile Devices vulnerabilities
374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.
Total CVEs
374
CISA KEV
11
actively exploited
Public exploits
0
Exploited in wild
11
Severity breakdown
CRITICAL37HIGH100MEDIUM142LOW95
Vulnerabilities
Page 1 of 19
CVE-2022-22265P1HIGHCVSS 7.8KEV≥ O(8.x), P(9.0), Q(10.0), R(11.0), S(12.0), < SMR Jan-2022 Release 12022-01-10
CVE-2022-22265 [HIGH] CWE-703 CVE-2022-22265: An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
nvd
CVE-2021-25337P1HIGHCVSS 7.1KEV≥ Selected P(9.0), Q(10.0), R(11.0), < SMR Mar-2021 Release 12021-03-04
CVE-2021-25337 [HIGH] CWE-269 CVE-2021-25337: Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
nvd
CVE-2021-25489P2MEDIUMCVSS 5.5KEV≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 12021-10-06
CVE-2021-25489 [MEDIUM] CWE-20 CVE-2021-25489: Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
nvd
CVE-2021-25487P2HIGHCVSS 7.8KEV≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 12021-10-06
CVE-2021-25487 [HIGH] CWE-125 CVE-2021-25487: Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
nvd
CVE-2021-25394P2MEDIUMCVSS 6.4KEV≥ O(8.x), P(9.0), Q(10.0), R(11.0), < SMR MAY-2021 Release 12021-06-11
CVE-2021-25394 [MEDIUM] CWE-416 CVE-2021-25394: A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Releas
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
nvd
CVE-2021-25369P2MEDIUMCVSS 5.5KEV≥ O(8.x), P(9.0), Q(10.0), < SMR Mar-2021 Release 12021-03-26
CVE-2021-25369 [MEDIUM] CWE-200 CVE-2021-25369: An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sen
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
nvd
CVE-2021-25372P2MEDIUMCVSS 6.7KEV≥ Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830, < SMR Mar-2021 Release 12021-03-26
CVE-2021-25372 [MEDIUM] CWE-787 CVE-2021-25372: An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
nvd
CVE-2021-25370P2MEDIUMCVSS 4.4KEV≥ Selected O(8.X), P(9.0), Q(10.0), R(11.0) , < SMR Mar-2021 Release 12021-03-26
CVE-2021-25370 [MEDIUM] CWE-416 CVE-2021-25370: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 r
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
nvd
CVE-2021-25395P2MEDIUMCVSS 6.4KEV≥ O(8.x), P(9.0), Q(10.0), R(11.0), < SMR MAY-2021 Release 12021-06-11
CVE-2021-25395 [MEDIUM] CWE-362 CVE-2021-25395: A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to byp
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
nvd
CVE-2023-21492P2MEDIUMCVSS 4.4KEV≥ Selected Android 11, 12, 13 devices, < SMR May-2023 Release 12023-05-04
CVE-2023-21492 [MEDIUM] CWE-532 CVE-2023-21492: Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged loca
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
nvd
CVE-2021-25371P2MEDIUMCVSS 6.7KEV≥ Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830, < SMR Mar-2021 Release 12021-03-26
CVE-2021-25371 [MEDIUM] CWE-912 CVE-2021-25371: A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF li
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
nvd
CVE-2023-21517P3CRITICALCVSS 9.8≥ Select devices using Exynos CP chipsets, < SMR Jun-2023 Release 12023-06-28
CVE-2023-21517 [CRITICAL] CWE-120 CVE-2023-21517: Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remo
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
nvd
CVE-2022-25818P3CRITICALCVSS 9.8≥ S(12), < SMR Mar-2022 Release 12022-03-10
CVE-2022-25818 [CRITICAL] CWE-20 CVE-2022-25818: Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.
nvd
CVE-2021-25387P3CRITICALCVSS 10.0≥ O(8.1), P(9.x), Q(10.0), R(11.0), < SMR MAY-2021 Release 12021-06-11
CVE-2021-25387 [CRITICAL] CWE-122 CVE-2021-25387: An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior t
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
nvd
CVE-2023-21494P3CRITICALCVSS 9.8≥ Select devices using Exynos CP chipsets, < SMR May-2023 Release 12023-05-04
CVE-2023-21494 [CRITICAL] CWE-20 CVE-2023-21494: Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
nvd
CVE-2022-27568P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27568 [CRITICAL] CWE-122 CVE-2022-27568: Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Ap
Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
nvd
CVE-2022-27569P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27569 [CRITICAL] CWE-122 CVE-2022-27569: Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Ap
Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
nvd
CVE-2022-27571P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27571 [CRITICAL] CWE-122 CVE-2022-27571: Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior
Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
nvd
CVE-2022-27570P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27570 [CRITICAL] CWE-122 CVE-2022-27570: Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to
Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
nvd
CVE-2023-21504P3CRITICALCVSS 9.8≥ Select devices using Exynos CP chipsets, < SMR May-2023 Release 12023-05-04
CVE-2023-21504 [CRITICAL] CWE-20 CVE-2023-21504: Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR Ma
Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
nvd
1 / 19Next →