Samsung Mobile Devices vulnerabilities

375 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.

Total CVEs

375

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL37HIGH101MEDIUM142LOW95

Vulnerabilities

Page 6 of 19

CVE-2022-36855HIGHCVSS 7.8≥ Q(10), R(11), S(12) devices with exynos9810 and exynos9820 chipsets, < SMR Sep-2022 Release 12022-09-09

CVE-2022-36855 [HIGH] CWE-416 CVE-2022-36855: A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

cvelistv5nvd

CVE-2022-36846HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36846 [HIGH] CWE-122 CVE-2022-36846: A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

cvelistv5nvd

CVE-2022-36844HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36844 [HIGH] CWE-122 CVE-2022-36844: A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spen A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

cvelistv5nvd

CVE-2022-36843HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36843 [HIGH] CWE-122 CVE-2022-36843: A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk. A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

cvelistv5nvd

CVE-2022-36842HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36842 [HIGH] CWE-122 CVE-2022-36842: A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

cvelistv5nvd

CVE-2022-36841HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36841 [HIGH] CWE-122 CVE-2022-36841: A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.sp A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

cvelistv5nvd

CVE-2022-36860HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36860 [HIGH] CWE-122 CVE-2022-36860: A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.sam A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

cvelistv5nvd

CVE-2022-36850MEDIUMCVSS 4.7≥ S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36850 [MEDIUM] CWE-20 CVE-2022-36850: Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to ov Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.

cvelistv5nvd

CVE-2022-36854MEDIUMCVSS 5.5≥ S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36854 [MEDIUM] CWE-20 CVE-2022-36854: Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker acc Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information.

cvelistv5nvd

CVE-2022-36848MEDIUMCVSS 5.5≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36848 [MEDIUM] CWE-285 CVE-2022-36848: Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows l Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service.

cvelistv5nvd

CVE-2022-36861MEDIUMCVSS 5.3≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36861 [MEDIUM] CWE-269 CVE-2022-36861: Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker t Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege.

cvelistv5nvd

CVE-2022-36852LOWCVSS 3.3≥ R(11), S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36852 [LOW] CWE-285 CVE-2022-36852: Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local at Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data.

cvelistv5nvd

CVE-2022-36857LOWCVSS 2.4≥ R(11) and Photo Editor prior to 3.0.23.43 in S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36857 [LOW] CWE-285 CVE-2022-36857: Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.

cvelistv5nvd

CVE-2022-36856LOWCVSS 3.3≥ S(12), < SMR Sep-2022 Release 12022-09-09

CVE-2022-36856 [LOW] CWE-284 CVE-2022-36856: Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission.

cvelistv5nvd

CVE-2022-33719CRITICALCVSS 9.8≥ 10, 11, 12, < SMR Aug-2022 Release 12022-08-05

CVE-2022-33719 [CRITICAL] CWE-20 CVE-2022-33719: Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause inte Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.

cvelistv5nvd

CVE-2022-33731HIGHCVSS 7.1≥ R(11), S(12), < SMR Aug-2022 Release 12022-08-05

CVE-2022-33731 [HIGH] CWE-284 CVE-2022-33731: Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows atta Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.

cvelistv5nvd

CVE-2022-33732HIGHCVSS 7.1≥ S(12), < SMR Aug-2022 Release 12022-08-05

CVE-2022-33732 [HIGH] CWE-287 CVE-2022-33732: Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows l Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.

cvelistv5nvd

CVE-2022-33730MEDIUMCVSS 6.8≥ S(12), < SMR Aug-2022 Release 12022-08-05

CVE-2022-33730 [MEDIUM] CWE-787 CVE-2022-33730: Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allow Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.

cvelistv5nvd

CVE-2022-33715MEDIUMCVSS 5.5≥ R(11), S(12), < SMR Aug-2022 Release 12022-08-05

CVE-2022-33715 [MEDIUM] CWE-20 CVE-2022-33715: Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 R Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.

cvelistv5nvd

CVE-2022-33717MEDIUMCVSS 4.4≥ R(11), S(12), < SMR Aug-2022 Release 12022-08-05

CVE-2022-33717 [MEDIUM] CWE-125 CVE-2022-33717: A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.

cvelistv5nvd

← Previous6 / 19Next →