Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-21509

Summary
Assigner-Samsung Mobile
Assigner Org ID-3af57064-a867-422c-b2ad-40307b65c458
Published At-04 May, 2023 | 00:00
Updated At-12 Feb, 2025 | 16:20
Rejected At-
Credits

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Samsung Mobile
Assigner Org ID:3af57064-a867-422c-b2ad-40307b65c458
Published At:04 May, 2023 | 00:00
Updated At:12 Feb, 2025 | 16:20
Rejected At:
▼CVE Numbering Authority (CNA)

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

Affected Products
Vendor
Samsung ElectronicsSamsung Mobile
Product
Samsung Blockchain Keystore
Versions
Affected
  • From unspecified before 1.3.12.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05
N/A
Hyperlink: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05
x_transferred
Hyperlink: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mobile.security@samsung.com
Published At:04 May, 2023 | 21:15
Updated At:11 May, 2023 | 01:17

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Samsung
samsung
>>samsung_blockchain_keystore>>Versions before 1.3.12.1(exclusive)
cpe:2.3:a:samsung:samsung_blockchain_keystore:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondarymobile.security@samsung.com
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: mobile.security@samsung.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05mobile.security@samsung.com
Vendor Advisory
Hyperlink: https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=05
Source: mobile.security@samsung.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1866Records found
CVE-2022-23428
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.01% / 1.72%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices with Exynos chipsets
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20843
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.6||MEDIUM
EPSS-0.06% / 18.08%
||
7 Day CHG+0.01%
Published-02 Apr, 2024 | 02:59
Updated-07 Feb, 2025 | 16:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20877
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.08%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 06:42
Updated-10 Feb, 2025 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20817
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 02:23
Updated-08 May, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20863
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 04:28
Updated-10 Feb, 2025 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20813
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.15% / 36.57%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 02:23
Updated-15 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23432
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.06%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices with Exynos chipsets
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20819
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 02:23
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20849
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.10% / 27.32%
||
7 Day CHG+0.03%
Published-02 Apr, 2024 | 02:59
Updated-07 Feb, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Google LLCSamsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20901
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.06% / 17.71%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 09:20
Updated-01 Aug, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20818
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.08% / 23.44%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 02:23
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20832
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 21.10%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 04:44
Updated-16 Apr, 2025 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20893
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 7.53%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 09:20
Updated-01 Aug, 2024 | 22:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20842
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-4.2||MEDIUM
EPSS-0.04% / 12.87%
||
7 Day CHG+0.01%
Published-02 Apr, 2024 | 02:59
Updated-12 Mar, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20812
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.06% / 19.95%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 02:23
Updated-15 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20831
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 22.39%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 04:44
Updated-10 Feb, 2025 | 22:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20845
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.12% / 31.39%
||
7 Day CHG+0.03%
Published-02 Apr, 2024 | 02:59
Updated-07 Feb, 2025 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20878
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.13% / 33.08%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 06:42
Updated-10 Feb, 2025 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20846
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.08% / 25.03%
||
7 Day CHG+0.02%
Published-02 Apr, 2024 | 02:59
Updated-07 Feb, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20848
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.1||MEDIUM
EPSS-0.06% / 18.14%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 02:59
Updated-07 Feb, 2025 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20862
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6||MEDIUM
EPSS-0.04% / 11.18%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 04:28
Updated-10 Feb, 2025 | 21:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20937
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 2.87%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:22
Updated-13 May, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21020
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.01% / 1.92%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 04:23
Updated-15 Aug, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20929
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.02% / 3.66%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-16 Jul, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21017
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 2.21%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 04:23
Updated-15 Aug, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20982
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.66%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:33
Updated-14 Jul, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20885
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 3.48%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-25 Mar, 2025 | 06:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21021
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.01% / 1.92%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 04:23
Updated-15 Aug, 2025 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20983
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 2.66%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:33
Updated-14 Jul, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19273
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.60%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 15:46
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidgalaxy_note8galaxy_s8exynos_8895galaxy_s8_plusn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39852
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-8||HIGH
EPSS-0.04% / 11.97%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42535
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.08% / 25.50%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-04 Sep, 2024 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42567
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.12% / 32.06%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42557
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.6||MEDIUM
EPSS-0.07% / 20.46%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42560
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-7.4||HIGH
EPSS-0.13% / 33.57%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42528
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.72%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-04 Sep, 2024 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42558
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6||MEDIUM
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-02 Dec, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42537
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.07% / 22.65%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-17 Sep, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-42536
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-8.4||HIGH
EPSS-0.07% / 22.65%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-11 Jun, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-42538
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 20.62%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-42529
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.05% / 14.49%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 07:49
Updated-04 Sep, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-42566
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.09% / 26.29%
||
7 Day CHG~0.00%
Published-05 Dec, 2023 | 02:44
Updated-02 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-36858
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.04% / 10.38%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30696
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.11%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-04 Oct, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30670
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-20 Nov, 2024 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30697
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.11%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-04 Oct, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30647
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.81%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:50
Updated-20 Nov, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30644
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.09% / 25.81%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:50
Updated-21 Nov, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30681
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.11%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-04 Oct, 2024 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30694
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-10 Oct, 2024 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 37
  • 38
  • Next
Details not found