Samsung Mobile Devices vulnerabilities
374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.
Total CVEs
374
CISA KEV
11
actively exploited
Public exploits
0
Exploited in wild
11
Severity breakdown
CRITICAL37HIGH100MEDIUM142LOW95
Vulnerabilities
Page 13 of 19
CVE-2021-25345P4MEDIUMCVSS 5.5≥ Q(10.0), R(11.0), < SMR Mar-2021 Release 12021-03-04
CVE-2021-25345 [MEDIUM] CVE-2021-25345: Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1
Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.
nvd
CVE-2021-25452P4MEDIUMCVSS 5.5≥ Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipset, < SMR Sep-2021 Release 12021-09-09
CVE-2021-25452 [MEDIUM] CWE-22 CVE-2021-25452: An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
nvd
CVE-2022-33691P4MEDIUMCVSS 4.7≥ Q(10), R(11), S(12) devices with Exynos 9820 chipset, < SMR Jul-2022 Release 12022-07-12
CVE-2022-33691 [MEDIUM] CWE-367 CVE-2022-33691: A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow lo
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.
nvd
CVE-2022-25816P4MEDIUMCVSS 4.6≥ Q(10), R(11), S(12), < SMR Mar-2022 Release 12022-03-10
CVE-2022-25816 [MEDIUM] CWE-287 CVE-2022-25816: Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication
nvd
CVE-2021-25468P4MEDIUMCVSS 4.4≥ Select Q(10.0), R(11.0) devices with Exynos chipsets, < SMR Oct-2021 Release 12021-10-06
CVE-2021-25468 [MEDIUM] CWE-20 CVE-2021-25468: A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
nvd
CVE-2021-25411P4MEDIUMCVSS 4.4≥ Q(10.0), R(11.0) devices with Exynos9610, 9810, 9820, 9830, < SMR JUN-2021 Release 12021-06-11
CVE-2021-25411 [MEDIUM] CWE-94 CVE-2021-25411: Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root pri
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
nvd
CVE-2022-28787P4MEDIUMCVSS 5.5≥ Q(10), R(11), S(12), < SMR May-2022 Release 12022-05-03
CVE-2022-28787 [MEDIUM] CWE-125 CVE-2022-28787: Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
nvd
CVE-2022-28785P4MEDIUMCVSS 5.5≥ Q(10), R(11), S(12), < SMR May-2022 Release 12022-05-03
CVE-2022-28785 [MEDIUM] CWE-125 CVE-2022-28785: Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
nvd
CVE-2022-28788P4MEDIUMCVSS 5.5≥ Q(10), R(11), S(12), < SMR May-2022 Release 12022-05-03
CVE-2022-28788 [MEDIUM] CWE-125 CVE-2022-28788: Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
nvd
CVE-2022-28786P4MEDIUMCVSS 5.5≥ Q(10), R(11), S(12), < SMR May-2022 Release 12022-05-03
CVE-2022-28786 [MEDIUM] CWE-125 CVE-2022-28786: Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
nvd
CVE-2022-25820P4MEDIUMCVSS 4.6≥ Select R(11), S(12) devices, < SMR Mar-2022 Release 12022-03-10
CVE-2022-25820 [MEDIUM] CWE-307 CVE-2022-25820: A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physica
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.
nvd
CVE-2022-24001P4MEDIUMCVSS 4.6≥ -, < Android S(12)2022-02-11
CVE-2022-24001 [MEDIUM] CWE-200 CVE-2022-24001: Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers
Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel.
nvd
CVE-2021-25500P4MEDIUMCVSS 4.4≥ Select Q(10.0), R(11.0) devices with Exynos 980, 9820, 9830, 2100 chipset, < SMR Nov-2021 Release 12021-11-05
CVE-2021-25500 [MEDIUM] CWE-20 CVE-2021-25500: A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrit
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
nvd
CVE-2021-25391P4MEDIUMCVSS 4.0≥ R(11.0), < SMR MAY-2021 Release 12021-06-11
CVE-2021-25391 [MEDIUM] CWE-926 CVE-2021-25391: Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers t
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
nvd
CVE-2021-25390P4MEDIUMCVSS 4.0≥ O(8.1), P(9.x), Q(10.0), R(11.0), < SMR MAY-2021 Release 12021-06-11
CVE-2021-25390 [MEDIUM] CWE-926 CVE-2021-25390: Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to e
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
nvd
CVE-2021-25334P4MEDIUMCVSS 5.5≥ P(9.0), Q(10.0) , R(11.0), < SMR Feb-2021 Release 12021-03-04
CVE-2021-25334 [MEDIUM] CWE-20 CVE-2021-25334: Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1
Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.
nvd
CVE-2022-36848P4MEDIUMCVSS 5.5≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09
CVE-2022-36848 [MEDIUM] CWE-285 CVE-2022-36848: Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows l
Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service.
nvd
CVE-2023-21485P4MEDIUMCVSS 4.6≥ Android 11, 12, 13, < SMR May-2023 Release 12023-05-04
CVE-2023-21485 [MEDIUM] CWE-926 CVE-2023-21485: Improper export of android application components vulnerability in VideoPreviewActivity in Call Sett
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
nvd
CVE-2023-21486P4MEDIUMCVSS 4.6≥ Android 11, 12, 13, < SMR May-2023 Release 12023-05-04
CVE-2023-21486 [MEDIUM] CWE-926 CVE-2023-21486: Improper export of android application components vulnerability in ImagePreviewActivity in Call Sett
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
nvd
CVE-2022-39900P4MEDIUMCVSS 4.6≥ R(11), S(12), T(13), < SMR Dec-2022 Release 12022-12-08
CVE-2022-39900 [MEDIUM] CWE-284 CVE-2022-39900: Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical
Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch.
nvd