Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20882

Summary
Assigner-SamsungMobile
Assigner Org ID-3af57064-a867-422c-b2ad-40307b65c458
Published At-04 Jun, 2024 | 06:42
Updated At-01 Aug, 2024 | 22:06
Rejected At-
Credits

Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SamsungMobile
Assigner Org ID:3af57064-a867-422c-b2ad-40307b65c458
Published At:04 Jun, 2024 | 06:42
Updated At:01 Aug, 2024 | 22:06
Rejected At:
▼CVE Numbering Authority (CNA)

Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.

Affected Products
Vendor
Samsung ElectronicsSamsung Mobile
Product
Samsung Mobile Devices
Default Status
affected
Versions
Unaffected
  • SMR Jun-2024 Release in Selected Android 12, 13, 14 Qualcomm devices
Problem Types
TypeCWE IDDescription
N/AN/ACWE-125 Out-of-bounds Read
Type: N/A
CWE ID: N/A
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.14.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06
N/A
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06
x_transferred
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mobile.security@samsung.com
Published At:04 Jun, 2024 | 07:15
Updated At:10 Feb, 2025 | 22:23

Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary3.14.6MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-apr-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-feb-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jan-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-mar-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-may-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-nov-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-oct-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-sep-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-apr-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-aug-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-dec-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-feb-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-feb-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jan-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jan-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jul-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jun-2022-r1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06mobile.security@samsung.com
Vendor Advisory
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06
Source: mobile.security@samsung.com
Resource:
Vendor Advisory
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=06
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

133Records found
CVE-2025-21008
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.47%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-10 Jul, 2025 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidlibsavsvc.so
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20930
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.09%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-16 Jul, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21009
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.47%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-10 Jul, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidlibsavsvc.so
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20976
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.39%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:24
Updated-17 Jul, 2025 | 00:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary of text content in Samsung Notes prior to version 4.4.29.23 allows attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20915
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.41%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-17 Jul, 2025 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary of voice content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20916
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.41%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-16 Jul, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in reading string of SPen in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21018
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.01% / 1.98%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 04:23
Updated-15 Aug, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28786
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.31%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28787
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.31%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28785
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.31%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:41
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27832
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 2.54%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27823
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-56427
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.13%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 00:00
Updated-01 Jul, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1480_firmwareexynos_modem_5400exynos_modem_5123_firmwareexynos_2200exynos_w920_firmwareexynos_2400exynos_modem_5300exynos_1330_firmwareexynos_990exynos_850_firmwareexynos_w930_firmwareexynos_980exynos_1280exynos_990_firmwareexynos_9110_firmwareexynos_1080_firmwareexynos_w1000_firmwareexynos_1380exynos_9110exynos_2400_firmwareexynos_850exynos_1080exynos_w930exynos_2100exynos_1280_firmwareexynos_1330exynos_980_firmwareexynos_2200_firmwareexynos_modem_5123exynos_w920exynos_modem_5400_firmwareexynos_2100_firmwareexynos_1480exynos_modem_5300_firmwareexynos_w1000n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-30665
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 14.54%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27824
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27825
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.06% / 18.89%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-25819
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.07%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:47
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices with Exynos chipsets
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-22271
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.47%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 22:39
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-39891
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 51.15%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-editor_liteEditor Lite
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39881
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.49% / 64.47%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-exynosexynos_firmwareSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5538
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.76% / 85.45%
||
7 Day CHG~0.00%
Published-23 Mar, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362.

Action-Not Available
Vendor-n/aSamsung
Product-samsung_mobilen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-27380
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.05% / 13.42%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:29
Updated-20 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_set_delayed_wakeup_type(), there is no input validation check on a length of ioctl_args->args[i] coming from userspace, which can lead to a heap over-read.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_850exynos_1380exynos_980_firmwareexynos_850_firmwareexynos_1280_firmwareexynos_1280exynos_1380_firmwareexynos_1330_firmwareexynos_980exynos_1330n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-25455
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.06% / 19.17%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 18:04
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-50600
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.24%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 00:00
Updated-01 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access. An attacker can send a malformed message to the target through the Wi-Fi driver.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380exynos_1380_firmwareexynos_1480_firmwareexynos_1480exynos_850exynos_1080exynos_w930exynos_1280_firmwareexynos_w920_firmwareexynos_1330exynos_980_firmwareexynos_1330_firmwareexynos_850_firmwareexynos_w930_firmwareexynos_980exynos_1280exynos_w920exynos_w1000_firmwareexynos_1080_firmwareexynos_w1000n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20933
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.09%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-16 Jul, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-25492
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:10
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34626
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20920
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.41%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-16 Jul, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in action link data in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-23467
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 2.66%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 19:22
Updated-23 Apr, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of Bounds Read in OpenRazer Driver

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.

Action-Not Available
Vendor-openrazer_projectopenrazer
Product-openrazeropenrazer
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20132
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.6||MEDIUM
EPSS-0.09% / 26.97%
||
7 Day CHG-0.00%
Published-15 Jun, 2022 | 13:00
Updated-03 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-4693
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.01% / 0.69%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 10:27
Updated-23 Nov, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grub2: out-of-bounds read at fs/ntfs.c

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.

Action-Not Available
Vendor-Red Hat, Inc.GNU
Product-enterprise_linuxgrub2Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21215
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.12% / 31.28%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:03
Updated-02 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows 10 Version 1607Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2025Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 Service Pack 2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20652
Matching Score-4
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-4
Assigner-MediaTek, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.01% / 0.94%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 02:25
Updated-22 Apr, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.

Action-Not Available
Vendor-MediaTek Inc.Google LLC
Product-mt8195mt8185mt8771mt6885mt6768mt8395mt8789mt8321mt6771mt6873mt8678mt8768mt6833mt8365mt6739mt8797mt6761mt8666mt8893mt8175mt8766mt8667mt8775mt8167mt8675mt6580mt8798mt6785mt6877mt8167smt8765mt8786mt8385mt6781mt6779mt8795tmt6893mt8362amt6765mt8673mt6853androidmt8788mt8791tmt8781MT6580, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found