Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Secondary | 3.1 | 5.2 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L |
| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=06 | mobile.security@samsung.com | Vendor Advisory |