Samsung Mobile Devices vulnerabilities

CVE-2021-25370 [MEDIUM] CWE-416 CVE-2021-25370: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 r An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

CVE-2021-25372 [MEDIUM] CWE-787 CVE-2021-25372: An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.

CVE-2021-25369 [MEDIUM] CWE-200 CVE-2021-25369: An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sen An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

CVE-2021-25371 [MEDIUM] CWE-912 CVE-2021-25371: A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF li A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.

CVE-2021-25346 [CRITICAL] CWE-787 CVE-2021-25346: A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.

CVE-2021-25337 [HIGH] CWE-269 CVE-2021-25337: Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

CVE-2021-25344 [MEDIUM] CWE-862 CVE-2021-25344: Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.

CVE-2021-25339 [MEDIUM] CWE-20 CVE-2021-25339: Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.

CVE-2021-25345 [MEDIUM] CVE-2021-25345: Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.

CVE-2021-25347 [MEDIUM] CWE-287 CVE-2021-25347: Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.

CVE-2021-25338 [MEDIUM] CWE-20 CVE-2021-25338: Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allo Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.

CVE-2021-25334 [MEDIUM] CWE-20 CVE-2021-25334: Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.

CVE-2021-25335 [LOW] CWE-703 CVE-2021-25335: Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2 Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.

CVE-2021-25336 [LOW] CWE-269 CVE-2021-25336: Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-202 Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.

CVE-2021-25330 [HIGH] CVE-2021-25330: Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service att Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.