Samsung Mobile Devices vulnerabilities

CVE-2022-39884 [LOW] CWE-284 CVE-2022-39884: Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local at Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information.

CVE-2022-39862 [CRITICAL] CWE-285 CVE-2022-39862: Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3. Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.

CVE-2022-39854 [HIGH] CWE-284 CVE-2022-39854: Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure me Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.

CVE-2022-39852 [HIGH] CWE-122 CVE-2022-39852: A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to S A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution.

CVE-2022-39853 [HIGH] CWE-416 CVE-2022-39853: A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.

CVE-2022-39847 [MEDIUM] CWE-416 CVE-2022-39847: Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR O Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.

CVE-2022-39855 [MEDIUM] CWE-284 CVE-2022-39855: Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a l Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices.

CVE-2022-39851 [LOW] CWE-284 CVE-2022-39851: Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows l Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission.

CVE-2022-39856 [LOW] CWE-200 CVE-2022-39856: Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allo Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information.

CVE-2022-39849 [LOW] CWE-284 CVE-2022-39849: Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows una Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.

CVE-2022-39850 [LOW] CWE-284 CVE-2022-39850: Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allow Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.

CVE-2022-36868 [LOW] CWE-20 CVE-2022-36868: Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 le Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-39848 [LOW] CWE-213 CVE-2022-39848: Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local att Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.

CVE-2022-36847 [HIGH] CWE-416 CVE-2022-36847: Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.

CVE-2022-36862 [HIGH] CWE-122 CVE-2022-36862: A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.sp A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

CVE-2022-36853 [HIGH] CWE-20 CVE-2022-36853: Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information.

CVE-2022-36858 [HIGH] CWE-122 CVE-2022-36858: A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognition A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

CVE-2022-36845 [HIGH] CWE-122 CVE-2022-36845: A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk. A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

CVE-2022-36849 [HIGH] CWE-416 CVE-2022-36849: Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR S Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.

CVE-2022-36863 [HIGH] CWE-122 CVE-2022-36863: A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionTe A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.