Samsung Mobile Devices vulnerabilities

CVE-2022-22266 [LOW] CWE-269 CVE-2022-22266: (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity applicati (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.

CVE-2022-22267 [LOW] CWE-285 CVE-2022-22267: Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 all Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.

CVE-2022-22269 [LOW] CWE-285 CVE-2022-22269: Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allo Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.

CVE-2021-25511 [HIGH] CWE-20 CVE-2021-25511: An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attack An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.

CVE-2021-25517 [HIGH] CWE-20 CVE-2021-25517: An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution.

CVE-2021-25512 [HIGH] CWE-20 CVE-2021-25512: An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers t An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.

CVE-2021-25516 [HIGH] CWE-703 CVE-2021-25516: An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Rel An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.

CVE-2021-25510 [HIGH] CWE-20 CVE-2021-25510: An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.

CVE-2021-25514 [MEDIUM] CVE-2021-25514: An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.

CVE-2021-25518 [MEDIUM] CWE-119 CVE-2021-25518: An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arb An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.

CVE-2021-25513 [LOW] CWE-269 CVE-2021-25513: An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Releas An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.

CVE-2021-25515 [LOW] CWE-269 CVE-2021-25515: An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows atta An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.

CVE-2021-25519 [LOW] CWE-200 CVE-2021-25519: An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attack An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.

CVE-2021-25502 [MEDIUM] CWE-269 CVE-2021-25502: A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-20 A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.

CVE-2021-25503 [MEDIUM] CWE-20 CVE-2021-25503: Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.

CVE-2021-25500 [MEDIUM] CWE-20 CVE-2021-25500: A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrit A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.

CVE-2021-25501 [LOW] CWE-284 CVE-2021-25501: An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR N An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.

CVE-2021-25478 [HIGH] CWE-121 CVE-2021-25478: A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Rele A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

CVE-2021-25470 [HIGH] CWE-94 CVE-2021-25470: An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.

CVE-2021-25471 [HIGH] CWE-20 CVE-2021-25471: A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.