Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-21499

Summary
Assigner-Samsung Mobile
Assigner Org ID-3af57064-a867-422c-b2ad-40307b65c458
Published At-04 May, 2023 | 00:00
Updated At-12 Feb, 2025 | 16:29
Rejected At-
Credits

Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Samsung Mobile
Assigner Org ID:3af57064-a867-422c-b2ad-40307b65c458
Published At:04 May, 2023 | 00:00
Updated At:12 Feb, 2025 | 16:29
Rejected At:
▼CVE Numbering Authority (CNA)

Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

Affected Products
Vendor
Samsung ElectronicsSamsung Mobile
Product
Samsung Mobile Devices
Versions
Affected
  • From Select Android 13 devices before SMR May-2023 Release 1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05
N/A
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05
x_transferred
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mobile.security@samsung.com
Published At:04 May, 2023 | 21:15
Updated At:11 May, 2023 | 01:49

Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondarymobile.security@samsung.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: mobile.security@samsung.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05mobile.security@samsung.com
Vendor Advisory
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05
Source: mobile.security@samsung.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1403Records found
CVE-2023-42561
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.1||HIGH
EPSS-0.21% / 43.69%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-29 May, 2025 | 13:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-12747
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.30%
||
7 Day CHG~0.00%
Published-11 May, 2020 | 15:15
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidexynos980\(9630\)exynos990\(9830\)n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42557
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.6||MEDIUM
EPSS-0.07% / 20.49%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41268
Matching Score-6
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-6
Assigner-Samsung TV & Appliance
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.73%
||
7 Day CHG~0.00%
Published-06 Dec, 2023 | 03:46
Updated-02 Dec, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible stack overflow due to insufficient input validation

Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0.

Action-Not Available
Vendor-Samsung Open SourceSamsung
Product-escargotEscargot
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-41111
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.30% / 52.74%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 00:00
Updated-17 Sep, 2024 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380exynos_850_firmwareexynos_9820_firmwareexynos_980_firmwareexynos_1330exynos_auto_t5123exynos_9610exynos_1330_firmwareexynos_9810_firmwareexynos_2100exynos_9110exynos_980exynos_modem_5300_firmwareexynos_2200_firmwareexynos_9820exynos_modem_5123_firmwareexynos_9810exynos_9110_firmwareexynos_1280exynos_850exynos_1080exynos_2200exynos_w920_firmwareexynos_w920exynos_auto_t5123_firmwareexynos_1080_firmwareexynos_2100_firmwareexynos_1280_firmwareexynos_modem_5300exynos_1380_firmwareexynos_9610_firmwareexynos_modem_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23097
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 18.46%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 00:00
Updated-06 Jun, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1380n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23103
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-0.06% / 17.80%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 00:00
Updated-06 Jun, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_1480_firmwareexynos_2400_firmwareexynos_1480n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23099
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 18.46%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 00:00
Updated-13 Jun, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480_firmwareexynos_2400_firmwareexynos_2400exynos_1480n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23107
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-0.06% / 17.80%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 00:00
Updated-06 Jun, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_1480_firmwareexynos_2400_firmwareexynos_1480n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20904
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.3||MEDIUM
EPSS-0.03% / 5.52%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:24
Updated-12 Feb, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20885
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.50%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-25 Mar, 2025 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20982
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.68%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:33
Updated-14 Jul, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20889
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 2.62%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20888
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.02% / 3.28%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20937
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.89%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:22
Updated-13 May, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21017
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.24%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 04:23
Updated-15 Aug, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21021
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.01% / 1.94%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 04:23
Updated-15 Aug, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20890
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.02% / 3.28%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 20:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20964
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:24
Updated-21 May, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20900
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 3.73%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-17 Jul, 2025 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20882
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.02% / 3.28%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20963
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 3.89%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:24
Updated-21 May, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20983
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.68%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:33
Updated-14 Jul, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21020
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.01% / 1.94%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 04:23
Updated-15 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30648
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.04% / 12.21%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:50
Updated-24 Oct, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30699
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.5||HIGH
EPSS-2.24% / 83.91%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-09 Oct, 2024 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29091
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.16% / 37.70%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-06 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP URI.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_auto_t5123exynos_5300exynos_1080exynos_1080_firmwareexynos_5123exynos_980exynos_5300_firmwareexynos_5123_firmwareexynos_9110exynos_auto_t5123_firmwareexynos_980_firmwareexynos_9110_firmwaren/a
CWE ID-CWE-1173
Improper Use of Validation Framework
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-29085
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.13% / 77.46%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-07 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP status line.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_980exynos_auto_t5123exynos_9110_firmwareexynos_1080exynos_5123_firmwareexynos_auto_t5123_firmwareexynos_9110exynos_980_firmwareexynos_5300exynos_1080_firmwareexynos_5300_firmwareexynos_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20556
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 35.75%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:23
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019).

Action-Not Available
Vendor-n/aGoogle LLCQualcomm Technologies, Inc.Samsung
Product-exynos_9610sm6150sm8150androidexynos_7885sm8150_fusionexynos_9820n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49408
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 4.38%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 02:17
Updated-13 Nov, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_s24galaxy_s24_firmwareSamsung Mobile Devicesgalaxy_s24_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49415
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.1||HIGH
EPSS-0.88% / 74.49%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 05:47
Updated-10 Feb, 2025 | 22:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-46920
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.96%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 00:00
Updated-20 Jun, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_850exynos_990_firmwareexynos_1080_firmwareexynos_1280_firmwareexynos_980exynos_980_firmwareexynos_9820exynos_9825exynos_990exynos_1080exynos_2100_firmwareexynos_1280exynos_850_firmwareexynos_9820_firmwareexynos_2100exynos_9825_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39891
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.16%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-editor_liteEditor Lite
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-26072
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.19% / 41.37%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 00:00
Updated-03 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Emergency number list.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_850exynos_modem_5123exynos_1080_firmwareexynos_modem_5300exynos_2200exynos_1280_firmwareexynos_850_firmwareexynos_w920exynos_2200_firmwareexynos_modem_5123_firmwareexynos_980_firmwareexynos_auto_t5123_firmwareexynos_1280exynos_modem_5300_firmwareexynos_1080exynos_auto_t5123exynos_w920_firmwareexynos_980n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-26497
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-5.59% / 89.94%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_980_firmwareexynos_auto_t5123_firmwareexynos_modem_5300_firmwareexynos_auto_t5123exynos_980exynos_1080_firmwareexynos_modem_5123exynos_modem_5123_firmwareexynos_1080exynos_modem_5300n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-26073
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.19% / 41.37%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 00:00
Updated-03 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the extended emergency number list.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_850exynos_modem_5123exynos_1080_firmwareexynos_modem_5300exynos_2200exynos_1280_firmwareexynos_850_firmwareexynos_w920exynos_2200_firmwareexynos_modem_5123_firmwareexynos_980_firmwareexynos_auto_t5123_firmwareexynos_1280exynos_modem_5300_firmwareexynos_1080exynos_auto_t5123exynos_w920_firmwareexynos_980n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-26074
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.19% / 41.37%
||
7 Day CHG~0.00%
Published-13 Mar, 2023 | 00:00
Updated-03 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123.. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding operator-defined access category definitions.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_850exynos_modem_5123exynos_1080_firmwareexynos_modem_5300exynos_2200exynos_1280_firmwareexynos_850_firmwareexynos_w920exynos_2200_firmwareexynos_modem_5123_firmwareexynos_980_firmwareexynos_auto_t5123_firmwareexynos_1280exynos_modem_5300_firmwareexynos_1080exynos_auto_t5123exynos_w920_firmwareexynos_980n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-26498
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-19.41% / 95.17%
||
7 Day CHG~0.00%
Published-23 Mar, 2023 | 00:00
Updated-25 Feb, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126. Memory corruption can occur due to improper checking of the number of properties while parsing the chatroom attribute in the SDP (Session Description Protocol) module.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_auto_t5123exynos_1080exynos_modem_5300exynos_980exynos_980_firmwareexynos_1080_firmwareexynos_modem_5123_firmwareexynos_modem_5300_firmwareexynos_auto_t5123_firmwareexynos_modem_5123n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-33730
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 10.26%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:21
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27570
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.1||HIGH
EPSS-1.17% / 77.82%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27569
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.1||HIGH
EPSS-1.17% / 77.82%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27573
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 33.43%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27571
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.1||HIGH
EPSS-1.17% / 77.82%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27572
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.1||HIGH
EPSS-1.17% / 77.82%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-52432
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 18.79%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 04:41
Updated-10 Feb, 2025 | 22:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27568
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.1||HIGH
EPSS-1.17% / 77.82%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27574
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.13% / 33.37%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27835
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.6||HIGH
EPSS-0.04% / 11.40%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-26098
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.1||HIGH
EPSS-1.17% / 77.82%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23432
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.08%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices with Exynos chipsets
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 28
  • 29
  • Next
Details not found