Summary
| Detail | |||
|---|---|---|---|
| Vendor | Samsung | First view | 2023-12-05 |
| Product | Android | Last view | 2025-07-08 |
| Version | 12.0 | Type | Os |
| Update | smr-jul-2024-r1 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:samsung:android | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 0 | 2025-07-08 | CVE-2025-21009 | Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. |
| 0 | 2025-07-08 | CVE-2025-21008 | Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. |
| 0 | 2025-07-08 | CVE-2025-21007 | Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. |
| 7.8 | 2025-07-08 | CVE-2025-21006 | Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory. |
| 0 | 2025-07-08 | CVE-2025-21005 | Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information. |
| 5.5 | 2025-04-08 | CVE-2025-20934 | Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. |
| 4.4 | 2025-02-04 | CVE-2025-20907 | Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. |
| 6.7 | 2025-02-04 | CVE-2025-20905 | Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory. |
| 6.7 | 2025-02-04 | CVE-2025-20904 | Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption. |
| 5.5 | 2025-02-04 | CVE-2025-20891 | Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. |
| 7.8 | 2025-02-04 | CVE-2025-20890 | Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. |
| 5.5 | 2025-02-04 | CVE-2025-20889 | Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. |
| 7.8 | 2025-02-04 | CVE-2025-20888 | Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. |
| 5.5 | 2025-02-04 | CVE-2025-20887 | Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. |
| 4.4 | 2025-02-04 | CVE-2025-20886 | Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. |
| 6.7 | 2025-02-04 | CVE-2025-20885 | Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. |
| 4.6 | 2025-02-04 | CVE-2025-20884 | Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. |
| 4.6 | 2025-02-04 | CVE-2025-20883 | Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. |
| 7.8 | 2025-02-04 | CVE-2025-20882 | Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. |
| 7.8 | 2025-02-04 | CVE-2025-20881 | Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. |
| 9.8 | 2024-12-03 | CVE-2024-49415 | Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. |
| 2.4 | 2024-12-03 | CVE-2024-49414 | Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. |
| 4.6 | 2024-12-03 | CVE-2024-49411 | Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. |
| 7.8 | 2024-12-03 | CVE-2024-49410 | Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. |
| 5.5 | 2024-11-06 | CVE-2024-34680 | Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 67% (25) | CWE-787 | Out-of-bounds Write |
| 13% (5) | CWE-125 | Out-of-bounds Read |
| 5% (2) | CWE-276 | Incorrect Default Permissions |
| 5% (2) | CWE-190 | Integer Overflow or Wraparound |
| 5% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 2% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
