cbcvebase.

Samsung Mobile Devices vulnerabilities

374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.

Total CVEs
374
CISA KEV
11
actively exploited
Public exploits
0
Exploited in wild
11
Severity breakdown
CRITICAL37HIGH100MEDIUM142LOW95

Vulnerabilities

Page 5 of 19
CVE-2023-21484P3HIGHCVSS 7.8≥ Android 11, 12, 13, < SMR May-2023 Release 12023-05-04
CVE-2023-21484 [HIGH] CWE-287 CVE-2023-21484: Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attack Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.
nvd
CVE-2023-21488P3HIGHCVSS 7.8≥ Android 11, 12, 13, < SMR May-2023 Release 12023-05-04
CVE-2023-21488 [HIGH] CWE-284 CVE-2023-21488: Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attacker Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.
nvd
CVE-2021-25408P3HIGHCVSS 7.8≥ P(9.0), Q(10.0), R(11.0) devices with Exynos9820, 9830, 980, 2100 chipsets, < SMR JUN-2021 Release 12021-06-11
CVE-2021-25408 [HIGH] CWE-787 CVE-2021-25408: A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitr A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.
nvd
CVE-2022-22292P3HIGHCVSS 7.8≥ Q(10.0), R(11.0), S(12.0), < SMR Feb-2022 Release 12022-02-11
CVE-2022-22292 [HIGH] CWE-280 CVE-2022-22292: Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted application Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
nvd
CVE-2021-25517P3HIGHCVSS 7.8≥ Q(10.0), R(11.0) devices with selected Exynos chipsets, < SMR Dec-2021 Release 12021-12-08
CVE-2021-25517 [HIGH] CWE-20 CVE-2021-25517: An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution.
nvd
CVE-2022-27833P3HIGHCVSS 7.8≥ O(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27833 [HIGH] CWE-20 CVE-2022-27833: Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write b Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.
nvd
CVE-2022-36862P3HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09
CVE-2022-36862 [HIGH] CWE-122 CVE-2022-36862: A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.sp A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
nvd
CVE-2022-36844P3HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09
CVE-2022-36844 [HIGH] CWE-122 CVE-2022-36844: A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spen A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
nvd
CVE-2022-36847P3HIGHCVSS 7.8≥ Q(10), R(11), < SMR Sep-2022 Release 12022-09-09
CVE-2022-36847 [HIGH] CWE-416 CVE-2022-36847: Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.
nvd
CVE-2022-36849P3HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09
CVE-2022-36849 [HIGH] CWE-416 CVE-2022-36849: Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR S Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.
nvd
CVE-2022-39854P3HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Oct-2022 Release 12022-10-07
CVE-2022-39854 [HIGH] CWE-284 CVE-2022-39854: Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure me Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
nvd
CVE-2023-21419P3HIGHCVSS 7.5≥ S(12), < SMR Jan-2023 Release 12023-02-09
CVE-2023-21419 [HIGH] CWE-287 CVE-2023-21419: An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
nvd
CVE-2022-30717P3HIGHCVSS 7.5≥ Q(10), R(11), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30717 [HIGH] CWE-285 CVE-2022-30717: Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to u Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.
nvd
CVE-2023-21457P3HIGHCVSS 8.1≥ Android 11, 12, 13, < SMR Mar-2023 Release 12023-03-16
CVE-2023-21457 [HIGH] CWE-284 CVE-2023-21457: Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.
nvd
CVE-2022-27835P3HIGHCVSS 7.8≥ S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27835 [HIGH] CWE-20 CVE-2022-27835: Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory writ Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.
nvd
CVE-2021-25414P3HIGHCVSS 7.8≥ P(9.0), Q(10.0), R(11.0), < SMA JUN-2021 Release 12021-06-11
CVE-2021-25414 [HIGH] CWE-20 CVE-2021-25414: Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.
nvd
CVE-2023-21498P3HIGHCVSS 7.8≥ Select Android 13 devices, < SMR May-2023 Release 12023-05-04
CVE-2023-21498 [HIGH] CWE-20 CVE-2023-21498: Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-20 Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.
nvd
CVE-2023-21497P3HIGHCVSS 7.8≥ Select Android 13 devices, < SMR May-2023 Release 12023-05-04
CVE-2023-21497 [HIGH] CWE-134 CVE-2023-21497: Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.
nvd
CVE-2022-27826P3HIGHCVSS 7.8≥ O(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27826 [HIGH] CWE-20 CVE-2022-27826: Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows att Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
nvd
CVE-2022-27828P3HIGHCVSS 7.8≥ O(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27828 [HIGH] CWE-20 CVE-2022-27828: Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attack Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
nvd
Samsung Mobile Devices vulnerabilities | cvebase