Samsung Mobile Devices vulnerabilities
374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.
Total CVEs: 374
CISA KEV: 11 (actively exploited)
Public exploits: 0
Exploited in wild: 11
Severity breakdown: CRITICAL 37, HIGH 100, MEDIUM 142, LOW 95
Vulnerabilities
Page 8 of 19
CVE-2023-21489 | P4 | MEDIUM | CVSS 6.8 | CWE-787 | ≥ Selected Android 11, 12, 13 Qualcomm devices, < SMR May-2023 Release 1 | 2023-05-04
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
nvd
CVE-2021-25396 | P4 | MEDIUM | CVSS 6.7 | CWE-787 | ≥ Q(10.0), R(11.0), < SMR MAY-2021 Release 1 | 2021-06-11
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.
nvd
CVE-2021-25469 | P4 | MEDIUM | CVSS 6.7 | CWE-120 | ≥ Select Q(10.0), R(11.0) devices with Exynos chipsets, < SMR Oct-2021 Release 1 | 2021-10-06
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.
nvd
CVE-2021-25475 | P4 | MEDIUM | CVSS 6.7 | CWE-122 | ≥ Q(10.0), R(11.0), < SMR Oct-2021 Release 1 | 2021-10-06
A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
nvd
CVE-2022-24925 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ -, < Android S(12) | 2022-02-11
Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices.
nvd
CVE-2022-33731 | P4 | HIGH | CVSS 7.1 | CWE-284 | ≥ R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.
nvd
CVE-2022-27834 | P4 | HIGH | CVSS 7.0 | CWE-367 | ≥ Q(10), R(11), S(12) devices with Exynos 2100, 9830, 980 chipsets, < SMR Apr-2022 Release 1 | 2022-04-11
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.
nvd
CVE-2022-25832 | P4 | MEDIUM | CVSS 6.8 | CWE-287 | ≥ Select Q(10), R(11), S(12) devices, < SMR Apr-2022 Release 1 | 2022-04-11
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.
nvd
CVE-2022-28781 | P4 | MEDIUM | CVSS 6.7 | CWE-20 | ≥ R(11), S(12), < SMR May-2022 Release 1 | 2022-05-03
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.
nvd
CVE-2021-25503 | P4 | MEDIUM | CVSS 6.7 | CWE-20 | ≥ Select O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets, < SMR Nov-2021 Release 1 | 2021-11-05
Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to execute arbitrary code.
nvd
CVE-2021-25450 | P4 | MEDIUM | CVSS 6.5 | CWE-20 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Sep-2021 Release 1 | 2021-09-09
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
nvd
CVE-2023-21490 | P4 | HIGH | CVSS 7.1 | CWE-284 | ≥ Android 11, 12, 13, < SMR May-2023 Release 1 | 2023-05-04
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
nvd
CVE-2022-23427 | P4 | HIGH | CVSS 7.1 | CWE-20 | ≥ Q(10), R(11), S(12), < SMR Feb-2022 Release 1 | 2022-02-11
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.
nvd
CVE-2022-33732 | P4 | HIGH | CVSS 7.1 | CWE-287 | ≥ S(12), < SMR Aug-2022 Release 1 | 2022-08-05
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.
nvd
CVE-2021-25467 | P4 | MEDIUM | CVSS 6.7 | CWE-120 | ≥ R(11.0) devices with Exynos 980, 9830, 2100 chipsets, < SMR Oct-2021 Release 1 | 2021-10-06
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allow privilege escalation to Root by hijacking a loaded library.
nvd
CVE-2021-25514 | P4 | MEDIUM | CVSS 6.5 | ≥ Q(10.0), R(11.0), < SMR Dec-2021 Release 1 | 2021-12-08
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.
nvd
CVE-2023-21456 | P4 | MEDIUM | CVSS 5.5 | CWE-22 | ≥ Android 11, 12, 13, < SMR Mar-2023 Release 1 | 2023-03-16
Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.
nvd
CVE-2022-25821 | P4 | HIGH | CVSS 7.1 | CWE-125 | ≥ Q(10), R(11), S(12) devices with Exynos CP chipsets, < SMR Mar-2022 Release 1 | 2022-03-10
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.
nvd
CVE-2021-25490 | P4 | MEDIUM | CVSS 6.0 | CWE-287 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 1 | 2021-10-06
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.
nvd
CVE-2023-21513 | P4 | MEDIUM | CVSS 6.8 | CWE-269 | ≥ Android 11, 12, 13, < SMR Jun-2023 Release 1 | 2023-06-28
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate the device to operate in a way that results in unexpected behavior in CC Mode under a specific condition.
nvd