Samsung Mobile Devices vulnerabilities

CVE-2022-33697 [LOW] CWE-532 CVE-2022-33697: Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-202 Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

CVE-2022-30750 [LOW] CWE-284 CVE-2022-30750: Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient p Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.

CVE-2022-30722 [CRITICAL] CWE-285 CVE-2022-30722: Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows at Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.

CVE-2022-30712 [CRITICAL] CWE-20 CVE-2022-30712: Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

CVE-2022-30711 [CRITICAL] CWE-20 CVE-2022-30711: Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to l Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

CVE-2022-30710 [CRITICAL] CWE-20 CVE-2022-30710: Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

CVE-2022-30713 [CRITICAL] CWE-20 CVE-2022-30713: Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

CVE-2022-30717 [HIGH] CWE-285 CVE-2022-30717: Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to u Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.

CVE-2022-30726 [HIGH] CWE-20 CVE-2022-30726: Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SM Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

CVE-2022-30729 [MEDIUM] CWE-923 CVE-2022-30729: Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.

CVE-2022-30715 [MEDIUM] CWE-284 CVE-2022-30715: Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.

CVE-2022-30716 [MEDIUM] CWE-280 CVE-2022-30716: Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 a Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

CVE-2022-30709 [MEDIUM] CWE-20 CVE-2022-30709: Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

CVE-2022-30721 [MEDIUM] CWE-20 CVE-2022-30721: Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Releas Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

CVE-2022-30725 [MEDIUM] CWE-280 CVE-2022-30725: Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-30720 [MEDIUM] CWE-20 CVE-2022-30720: Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Releas Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

CVE-2022-30724 [MEDIUM] CWE-280 CVE-2022-30724: Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

CVE-2022-30719 [MEDIUM] CWE-20 CVE-2022-30719: Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Releas Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

CVE-2022-30727 [MEDIUM] CWE-280 CVE-2022-30727: Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in Perso Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.

CVE-2022-30723 [MEDIUM] CWE-280 CVE-2022-30723: Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.