A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.
In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of mStringPoolSize to be out of bounds, causing information disclosure.
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.
In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.
Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.
Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.
An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.
Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.
In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
In getNetworkTypeForSubscriber of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-186776740
In enqueueNotification of NetworkPolicyManagerService.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-177931370
On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969
An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018).
Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.
Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information.
In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561369; Issue ID: ALPS05561369.
Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.
In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-176496502
In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05489195; Issue ID: ALPS05489220.
In queryInternal of CallLogProvider.java, there is a possible access to voicemail information due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224771921
Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.
Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows local attackers to access arbitrary files.
Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.
Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay.
In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data.
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.
In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.