Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-46919

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Jan, 2025 | 00:00
Updated At-13 Jan, 2025 | 19:41
Rejected At-
Credits

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Jan, 2025 | 00:00
Updated At:13 Jan, 2025 | 19:41
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
N/A
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-46919/
N/A
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Resource: N/A
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-46919/
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 Jan, 2025 | 17:15
Updated At:20 Jun, 2025 | 16:06

An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Samsung
samsung
>>exynos_9820_firmware>>-
cpe:2.3:o:samsung:exynos_9820_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9820>>-
cpe:2.3:h:samsung:exynos_9820:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9825_firmware>>-
cpe:2.3:o:samsung:exynos_9825_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_9825>>-
cpe:2.3:h:samsung:exynos_9825:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_980_firmware>>-
cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_980>>-
cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_990_firmware>>-
cpe:2.3:o:samsung:exynos_990_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_990>>-
cpe:2.3:h:samsung:exynos_990:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_850_firmware>>-
cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_850>>-
cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2100_firmware>>-
cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_2100>>-
cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1280_firmware>>-
cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1280>>-
cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1080_firmware>>-
cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*
Samsung
samsung
>>exynos_1080>>-
cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve@mitre.org
Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-46919/cve@mitre.org
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-46919/
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

231Records found
CVE-2022-24924
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-2.2||LOW
EPSS-2.87% / 86.45%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-livewallpaperserviceLiveWallpaper
CWE ID-CWE-284
Improper Access Control
CVE-2022-23433
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 46.17%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidreminderReminder
CWE ID-CWE-284
Improper Access Control
CVE-2026-20996
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.17%
||
7 Day CHG+0.01%
Published-16 Mar, 2026 | 04:32
Updated-31 Mar, 2026 | 00:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_switchSmart Switch
CWE ID-CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CVE-2026-20995
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.94%
||
7 Day CHG~0.00%
Published-16 Mar, 2026 | 04:32
Updated-31 Mar, 2026 | 00:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_switchSmart Switch
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2021-25447
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.47%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingssmartthings_firmwareSmart Things
CWE ID-CWE-284
Improper Access Control
CVE-2021-25446
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.38%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingssmartthings_firmwareSmart Things
CWE ID-CWE-284
Improper Access Control
CVE-2021-25448
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.23% / 46.17%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 19:44
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_touch_callSmart Touch Call
CWE ID-CWE-284
Improper Access Control
CVE-2023-21479
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.59%
||
7 Day CHG+0.02%
Published-03 Sep, 2025 | 05:17
Updated-28 Jan, 2026 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidsmart_suggestionsSamsung Mobile Devices
CVE-2024-20829
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.4||MEDIUM
EPSS-0.13% / 31.84%
||
7 Day CHG~0.00%
Published-05 Mar, 2024 | 04:44
Updated-14 Feb, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-internetSamsung Internet
CVE-2025-27807
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.08% / 22.61%
||
7 Day CHG~0.00%
Published-05 Jan, 2026 | 00:00
Updated-09 Jan, 2026 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes via malformed NAS packets.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2200exynos_2200_firmwareexynos_850_firmwareexynos_1480exynos_w920exynos_w930_firmwaremodem_5123modem_5300exynos_9110_firmwareexynos_980exynos_1380exynos_w1000_firmwareexynos_w1000exynos_1380_firmwareexynos_1580modem_5300_firmwaremodem_5400exynos_1280exynos_1330exynos_2400modem_5400_firmwareexynos_980_firmwareexynos_850exynos_2100_firmwareexynos_1580_firmwareexynos_w930exynos_1280_firmwareexynos_990_firmwareexynos_1080exynos_2100exynos_990exynos_w920_firmwareexynos_1080_firmwareexynos_9110modem_5123_firmwareexynos_1480_firmwareexynos_1330_firmwareexynos_2400_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-34666
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.5||HIGH
EPSS-5.10% / 89.94%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 06:30
Updated-30 Oct, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23107
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-0.38% / 59.59%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 00:00
Updated-06 Jun, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400exynos_1480_firmwareexynos_2400_firmwareexynos_1480n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23099
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.39% / 60.42%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 00:00
Updated-13 Jun, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480_firmwareexynos_2400_firmwareexynos_2400exynos_1480n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21051
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 4.59%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 06:33
Updated-23 Oct, 2025 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20964
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 19.77%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:24
Updated-21 May, 2025 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20943
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.10% / 26.82%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 04:39
Updated-05 Feb, 2026 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20882
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.06% / 19.65%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21053
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 5.92%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 06:33
Updated-23 Oct, 2025 | 12:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20937
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.82%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 08:22
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21034
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 6.80%
||
7 Day CHG+0.01%
Published-03 Sep, 2025 | 06:05
Updated-11 Sep, 2025 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20929
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.09% / 25.75%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-notesSamsung Notes
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21007
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.09% / 25.04%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-15 Jul, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidlibsavsvc.so
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20931
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.09% / 25.75%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 05:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-notesSamsung Notes
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21070
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 5.77%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 06:33
Updated-16 Oct, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21006
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.05% / 16.31%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-15 Jul, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidlibsavsvc.so
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21020
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 4.76%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 04:23
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20889
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 31.24%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20993
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.10% / 27.83%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 04:56
Updated-10 Feb, 2026 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20904
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 28.78%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:24
Updated-12 Feb, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21072
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.01% / 1.29%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 01:23
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20900
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.3||MEDIUM
EPSS-0.09% / 24.57%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-17 Jul, 2025 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-blockchain_keystoreBlockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20881
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.06% / 19.65%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20888
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7||HIGH
EPSS-0.11% / 29.06%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:19
Updated-12 Feb, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21052
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.02% / 5.92%
||
7 Day CHG~0.00%
Published-10 Oct, 2025 | 06:33
Updated-23 Oct, 2025 | 12:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-21043
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.8||HIGH
EPSS-4.91% / 89.72%
||
7 Day CHG~0.00%
Published-12 Sep, 2025 | 07:21
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-10-23||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile DevicesMobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-23432
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 5.21%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices with Exynos chipsets
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20556
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 34.67%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:23
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019).

Action-Not Available
Vendor-n/aGoogle LLCQualcomm Technologies, Inc.Samsung
Product-exynos_9610sm6150sm8150androidexynos_7885sm8150_fusionexynos_9820n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20601
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.67%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:12
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-exynos_7880exynos_7570androidexynos_7870exynos_8890exynos_7580n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20607
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.78%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 19:20
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019).

Action-Not Available
Vendor-n/aGoogle LLCQualcomm Technologies, Inc.Samsung
Product-msm8998androidexynos_7870msm8996exynos_8890exynos_8895exynos_7420n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20566
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 66.35%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 18:33
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019).

Action-Not Available
Vendor-n/aSamsung
Product-exynos_smp1300n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-19273
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.69%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 15:46
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidgalaxy_note8galaxy_s8exynos_8895galaxy_s8_plusn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-56426
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.90%
||
7 Day CHG~0.00%
Published-04 Nov, 2025 | 00:00
Updated-07 Nov, 2025 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. The lack of a length check leads to out-of-bounds writes via malformed USB packets to the target.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480exynos_1380_firmwareexynos_1080exynos_2200_firmwareexynos_1280_firmwareexynos_980_firmwareexynos_w1000exynos_w930exynos_990exynos_1330exynos_2400exynos_2100exynos_w920_firmwareexynos_850exynos_1080_firmwareexynos_1280exynos_850_firmwareexynos_2200exynos_990_firmwareexynos_w920exynos_1380exynos_w930_firmwareexynos_w1000_firmwareexynos_2400_firmwareexynos_1330_firmwareexynos_980exynos_1480_firmwareexynos_2100_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-21018
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.8||MEDIUM
EPSS-0.02% / 5.05%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 04:56
Updated-14 May, 2026 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49408
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 30.20%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 02:17
Updated-13 Nov, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_s24galaxy_s24_firmwareSamsung Mobile Devicesgalaxy_s24_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49410
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.41%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 05:47
Updated-10 Feb, 2025 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49415
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.1||HIGH
EPSS-7.98% / 92.18%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 05:47
Updated-10 Feb, 2025 | 22:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30646
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.18%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:50
Updated-20 Nov, 2024 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-49409
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.4||MEDIUM
EPSS-0.12% / 30.20%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 02:17
Updated-13 Nov, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_s24galaxy_s24_firmwareSamsung Mobile Devicesgalaxy_s24_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-25052
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.54%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 20:24
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidexynos_9830n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-20878
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.3||HIGH
EPSS-0.18% / 38.54%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 06:42
Updated-10 Feb, 2025 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found