Go straight to the menu Go straight to the text

Android Security Updates

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can be rest assured the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.

Acknowledgements

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – December 2019 package. The Bulletin (December 2019) contains the following CVE items:

Critical
CVE-2019-10511, CVE-2019-2320, CVE-2019-10493, CVE-2019-2232, CVE-2019-2222(O8.x,P9.0), CVE-2019-2223(O8.x,P9.0)

High
CVE-2019-10485, CVE-2019-2337, CVE-2019-2213, CVE-2019-2214, CVE-2019-10559, CVE-2019-10571, CVE-2019-2215, CVE-2019-2310, CVE-2019-2196, CVE-2019-2198, CVE-2019-2036, CVE-2019-9464, CVE-2019-2217, CVE-2019-2218, CVE-2019-2220, CVE-2019-2224, CVE-2019-2225, CVE-2019-2226, CVE-2019-2227, CVE-2019-2228, CVE-2019-2230, CVE-2019-2116

Moderate
CVE-2019-11833, CVE-2019-2221, CVE-2019-2222(Q10.0), CVE-2019-2223(Q10.0)

Already included in previous updates
CVE-2019-2288, CVE-2019-2319, CVE-2019-2321, CVE-2019-2338, CVE-2019-10484, CVE-2019-10545

Not applicable to Samsung devices
CVE-2019-2229, CVE-2019-2124


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 13 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR December-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2019-15266: Arbitrary code execution in lock screen

Severity: High
Affected Versions: N(7.1), O(8.x), P(9.0), Q(10.0)
Reported on: August 13, 2019
Disclosure status: Privately disclosed
A vulnerability in Lock screen allows arbitrary code execution.
The patch adds signature check logic in the Lock screen code.


SVE-2019-15692, SVE-2019-15693: OOB Read in Kernel drivers

Severity: Low
Affected Versions: P(9.0) devices with selected Exynos chipsets
Reported on: September 9, 2019
Disclosure status: Privately disclosed.
Out-of-bounds read vulnerabilities exist in kernel drivers related to Wi-Fi module.
The patch adds the proper validation of the buffer length to prevent out-of-bounds read.


SVE-2019-15800: Developer options without authentication

Severity: Low
Affected Versions: O(8.x), P(9.0), Q(10.0)
Reported on: September 28, 2019
Disclosure status: Privately disclosed.
A vulnerability allows access to Developer options without authentication.
The patch blocks access to Developer options when it is disabled using Settings search feature.


SVE-2019-13996: S Secure Masked Apps vulnerability

Severity: Low
Affected Versions: N(7.x), O(8.x), P(9.0) devices released in China or India
Reported on: February 15, 2019
Disclosure status: Privately disclosed
A vulnerability in S Secure app, which is only released in China and India, allows launching of masked apps without password.
The patch addresses the issue in S Secure.


SVE-2019-15540: Home screen wallpaper disclosure from lock screen

Severity: Moderate
Affected Versions: P(9.0)
Reported on: September 5, 2019
Disclosure status: Privately disclosed.
A vulnerability exposes home screen wallpaper during adjusting brightness levels on locked devices.
The patch blocks home screen wallpaper exposure by showing black image instead.


SVE-2019-15533: Connection to new Bluetooth devices is possible from lock screen

Severity: Low
Affected Versions: O(8.x), P(9.0)
Reported on: September 5, 2019
Disclosure status: Privately disclosed.
A vulnerability allows connection to any new Bluetooth devices on locked devices.
The patch blocks scanning process on locked devices to prevent connection of new Bluetooth devices.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Steven Salerno: SVE-2019-15692, SVE-2019-15693
- Andr. Ess: SVE-2019-15800
- Prince Kumar: SVE-2019-13996
- Anton Puzanov of IBM Cyber Security Center: SVE-2019-15533

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release(SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – November 2019 package. The Bulletin (November 2019) contains the following CVE items:

Critical
CVE-2018-13916, CVE-2019-2315, CVE-2019-2271(A-129766175), CVE-2019-2289, CVE-2019-2336, CVE-2019-2339, CVE-2019-2204, CVE-2019-2205, CVE-2019-2206

High
CVE-2019-2295, CVE-2019-2303, CVE-2019-10490, CVE-2019-2271(A-129765571), CVE-2019-2335, CVE-2019-2318, CVE-2018-19824, CVE-2018-11902, CVE-2019-10535, CVE-2019-2268, CVE-2019-2192, CVE-2019-2193, CVE-2019-2195, CVE-2019-2199, CVE-2019-2211, CVE-2019-2197, CVE-2019-2201, CVE-2019-2202, CVE-2019-2203, CVE-2019-2233, CVE-2019-2207, CVE-2019-2212, CVE-2019-2208, CVE-2019-2209, CVE-2019-2117, CVE-2019-2215

Moderate
None

Already included in previous updates


Not applicable to Samsung devices
CVE-2019-2251, CVE-2019-2329


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 39 Samsung Vulnerabilities and Exposures (SVE) items described below,in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in“Security software version”, SMR November-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2019-14299: Insecure PermissionWhiteLists restriction on Firewall Application

Severity: Moderate
Affected Versions: N(7.1), O(8.x), P(9.0) devices released in China
Reported on: April 8, 2019
Disclosure status: Privately disclosed.
An invalid caller check in Firewall application, which is included in devices released in China, allows access withoutauthentication.
The patch adds signature check logic in Firewall application.


SVE-2019-14651, SVE-2019-14666: Arbitrary memory overwrite and stack overflow in SEM Trustlet

Severity: Critical
Affected Versions: Selected P(9.0) Qualcomm and TEEGRIS devices
Reported on: May 24, 2019
Disclosure status: Privately disclosed.
A possible arbitrary memory overwrite and stack overflow in SEM Trustlet allows arbitrary code execution.
The patch adds size check logic of wsm data in SEM Trustlet.


SVE-2019-14857: Heap Overflow in KNOX KAP Driver

Severity: Low
Affected Versions: P(9.0)
Reported on: June 18, 2019
Disclosure status: Privately disclosed.
A possible heap overflow vulnerability exists in knox_kap driver.
The patch adds proper size check to prevent heap overflow.


SVE-2019-14869: OOB Read in WiFi vendor command

Severity: Low
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Broadcom chipsets
Reported on: June 19, 2019
Disclosure status: Privately disclosed.
A possible out-of-bounds read vulnerability exist in WiFi vendor command resulting in information leak.
The patch code adds proper size check to prevent OOB read.


SVE-2019-14942: OOB Read and Information Leak in a function in Kernel driver

Severity: Low
Affected Versions: N(7.x), O(8.x), P(9.0) devices with selected Exynos chipsets
Reported on: July 25, 2019
Disclosure status: Privately disclosed.
A possible buffer over-read and possible information leak vulnerability exist in core touch screen driver.
The patch code checks null byte of buffer in core touch screen driver.


SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123: Stack overflow and OOBRead in Kernel drivers

Severity: Low
Affected Versions: P(9.0) devices with selected Exynos chipsets
Reported on: June 18, 2019
Disclosure status: Privately disclosed.
A possible buffer overflow and out-of-bounds read vulnerabilities exists in kernel drivers related to Wi-Fi module.
The patch adds the proper validation of the buffer length to prevent buffer overflow and out-of-bounds read.


SVE-2019-15034: Stack overflow in kernel driver

Severity: Low
Affected Versions: N(7.1), O(8.x), P(9.0) devices with selected Exynos chipsets
Reported on: July 6, 2019
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability exists in kernel driver.
The patch adds the proper validation of the buffer.


SVE-2019-15090: FRP bypass using SamsungPay mini

Severity: Moderate
Affected Versions: P(9.0)
Reported on: July 15, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with SamsungPay mini app.
The patch addressed the issue.


SVE-2019-15274: OOB write in ICCC Trustlet

Severity: High
Affected Versions: O(8.x), P(9.0) devices with Selected Exynos chipsets
Reported on: August 14, 2019
Disclosure status: Privately disclosed.
An invalid size check vulnerability exists in ICCC Trustlet.
The patch adds size check logic in the Trustlet.


SVE-2019-15283: Arbitrary memory write in TEEGRIS

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with Exynos chipset
Reported on: August 18, 2019
Disclosure status: Privately disclosed.
A buffer overflow vulnerability in HDCP Trustlet allows arbitrary memory write in secure memory within TEEGRIS.
The patch adds proper validation of the buffer length in trustlet and adds blocks access to unnecessary memory region.


SVE-2019-15350: Bluetooth firmware allows coexistence with WiFi

Severity: Low
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Broadcom WiFi chipsets
Reported on: August 21, 2019
Disclosure status: Privately disclosed.
A vulnerability in Broadcom Bluetooth firmware enables DoS attack to Broadcom Wi-Fi through common interface sharedbetween them.
The patch addressed the issue.


SVE-2019-15398: Data leakage through Bluetooth debug command

Severity: Low
Affected Versions: O(8.x), P(9.0)
Reported on: August 29, 2019
Disclosure status: Privately disclosed.
A vulnerability allows access to some data through Bluetooth debug command.
The patch blocks access to data through Bluetooth debug command.


SVE-2019-15399: Potential buffer overflow in Bootloader

Severity: Low
Affected Versions: P(9.0) devices with Qualcomm chipset
Reported on: August 29, 2019
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability exists in the bootloader of factory binary.
The patch adds proper validation of the buffer length.


SVE-2019-15724: Heap OOB in LE Packet reception

Severity: Critical
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Broadcom chipsets
Reported on: September 13, 2019
Disclosure status: Privately disclosed.
A heap overflow vulnerability in Broadcom Bluetooth can lead to remote code execution.
The patch addressed the issue.


SVE-2019-16009: Ultrasonic fingerprint scanner issue

Severity: High
Affected Versions: Galaxy S10/S10+/S10 5G and Note10/10+ devices
Reported on: October 17, 2019
Disclosure status: Publicly disclosed.
Inside surface textures of certain silicone covers may be recognized as a fingerprint resulting in unlocking of device.
The patch fixes the fingerprint issue.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.



Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Thomas Julien: SVE-2019-14299
- Hung Chi Su: SVE-2019-14651, SVE-2019-14666
- Salerno, Steven: SVE-2019-14857, SVE-2019-14869, SVE-2019-14942, SVE-2019-14965, SVE-2019-14966, SVE-2019-14968, SVE-2019-14969, SVE-2019-14970, SVE-2019-14980, SVE-2019-14981, SVE-2019-14982, SVE-2019-14983, SVE-2019-14984, SVE-2019-15122, SVE-2019-15123, SVE-2019-15034
- MIRCEA PASCA: SVE-2019-15090
- Aleksndr Tarasikov: SVE-2019-15274
- Menarini, Federico: SVE-2019-15283
- Jiska Classen: SVE-2019-15350
- Karim, Imtiaz: SVE-2019-15398
- Thomas Huntington: SVE-2019-15399
- Jan Ruge: SVE-2019-15724
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release(SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – October 2019 package. The Bulletin (October 2019) containsthe following CVE items:

Critical
CVE-2019-2258, CVE-2019-2184, CVE-2019-2185, CVE-2019-2186(N7.1, O8.x, P9.0)

High
CVE-2019-10505(A-123533258,A-132171579), CVE-2019-2246, CVE-2019-2283, CVE-2019-2316, CVE-2019-2181, CVE-2019-10488, CVE-2019-10496, CVE-2019-2249, CVE-2019-10495, CVE-2019-2285, CVE-2019-2325, CVE-2019-10491, CVE-2019-2332, CVE-2019-2331, CVE-2019-2324, CVE-2019-2323, CVE-2019-10504(A-134437132,A-134437173), CVE-2019-10512, CVE-2019-10529, CVE-2019-10515, CVE-2018-11891, CVE-2019-10524, CVE-2017-17768, CVE-2019-2173, CVE-2019-2110, CVE-2019-2114, CVE-2019-2187

Moderate
CVE-2019-2186(Q10.0)

Already included in previous updates
CVE-2019-2275, CVE-2019-10522, CVE-2019-10533, CVE-2019-10534, CVE-2019-10531

Not applicable to Samsung devices
CVE-2018-6240(A-110169243,A-72315181), CVE-2019-10541, CVE-2018-20669, CVE-2017-5715


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 17 Samsung Vulnerabilities and Exposures (SVE) items described below,in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in“Security software version”, SMR October-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2019-13805: S Secure App Lock vulnerability

Severity: Low
Affected Versions: O(8.x) devices released in China and India
Reported on: January 9, 2019
Disclosure status: Publicly disclosed.
A vulnerability in “S Secure” app, which is only released in China and India, allows users to access the content of “locked” appwithout password.
The patch addresses the issue.


SVE-2019-14869: OOB Read in Wi-Fi Vendor Command

Severity: Low
Affected Versions: P(9.0), O(8.x), N(7.1) devices with Broadcom chipset
Reported on: June 19, 2019
Disclosure status: Privately disclosed.
A possible information leak vulnerability exists in Wi-Fi vendor command.
The patch adds proper size check to prevent OOB read.


SVE-2019-14941: FRP bypass using Message

Severity: Moderate
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: June 24, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with Class 0 Type Message.
The patch addresses the issue.


SVE-2019-15035: FRP bypass using RCS call

Severity: Moderate
Affected Versions: P(9.0)
Reported on: July 8, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with RCS call.
The patch addresses the issue.


SVE-2019-15143: Arbitrary memory read and write in RKP

Severity: High
Affected Versions: P(9.0) devices with SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, exynos9820 chipsets
Reported on: July 22, 2019
Disclosure status: Privately disclosed.
A lack of memory range check in RKP allows arbitrary memory read and write.
The patch adds proper range check of memory in RKP.


SVE-2019-15164: FRP bypass using External keyboard

Severity: Moderate
Affected Versions: O(8.x)
Reported on: July 26, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with External keyboard.
The patch addresses the issue.


SVE-2019-15189: Full access to pictures on locked devices

Severity: Moderate
Affected Versions: N(7.x)
Reported on: August 2, 2019
Disclosure status: Privately disclosed.
A vulnerability in Gallery app allows unauthorized users to get access to all pictures on the device.
The patch blocks the path which can be used to access all pictures stored in device storage.


SVE-2019-15221: RKP Memory Corruption

Severity: High
Affected Versions: P(9.0) devices with SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, exynos9820 chipsets
Reported on: August 7, 2019
Disclosure status: Privately disclosed.
A lack of memory range check in RKP allows controlling the effective address in EL2.
The patch adds proper range check of memory in RKP.


SVE-2019-15262: FRP with SIM card by blocking PUK code

Severity: Moderate
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: August 10, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with SIM card by blocking PUK code.
The patch addresses the issue.


SVE-2019-14990: Buffer Overflow Vulnerability in Touch Screen Driver

Severity: Low
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: June 29, 2019
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability exists in touch screen driver.
The patch adds proper validation of buffer length to prevent buffer overflow.


SVE-2019-15055: Lockscreen Bypass Vulnerability through Gallery

Severity: Low
Affected Versions: Selected P(9.0) devices
Reported on: July 8, 2019
Disclosure status: Internally disclosed.
A vulnerability in Gallery allows access to previously taken photos without authentication.
The patch adds the proper validation of the parameter type.


SVE-2019-15261: A missing bounds check in BIOSUB Trustlet

Severity: Low
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: August 10, 2019
Disclosure status: Privately disclosed.
Lack of boundary checking of a buffer in BIOSUB trustlet can lead to out of bounds write.
The patch adds boundary checking.


SVE-2019-15230: Potential integer overflow in Bootloader

Severity: Low
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: August 8, 2019
Disclosure status: Privately disclosed.
Type mismatch between signed and unsigned integer in bootloader can lead to integer overflow.
The patch prevent integer overflow by changing the type of a variable into unsigned integer.


SVE-2019-15264: Buffer overflow in BIOSUB Trustlet

Severity: High
Affected Versions: P(9.0) devices with TEEGRIS
Reported on: August 11, 2019
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability exists in BIOSUB trustlet code exposing secure memory to user space.
The patch adds proper validation of buffer length to prevent buffer overflow.


SVE-2019-15272: A missing bounds check in SEC_FR Trustlet

Severity: Low
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: August 14, 2019
Disclosure status: Privately disclosed.
Lack of boundary checking of a buffer in SEC_FR trustlet can lead to out of bounds write.
The patch adds boundary checking.


SVE-2019-15435: Security enhancement for IMEI

Severity: Critical
Affected Versions: S9 and Note9 devices
Reported on: May 2, 2019
Disclosure status: Privately disclosed.
Enhancement in IMEI security mechanism is required for improved protection against potential IMEI manipulation.
The patch improves IMEI protection via enhancement in IMEI security mechanism.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Niraj Khatiwada: SVE-2019-13805
- Salerno, Steven: SVE-2019-14869, SVE-2019-14990
- MIRCEA PASCA: SVE-2019-14941, SVE-2019-15035, SVE-2019-15164, SVE-2019-15262
- Aleksandr Tarasikov: SVE-2019-15143, SVE-2019-15221, SVE-2019-15261, SVE-2019-15230, SVE-2019-15264, SVE-2019-15272
- Landerretche Serge: SVE-2019-15189
- Hamin, John: SVE-2019-15055
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - September 2019 package. The Bulletin (September 2019) contains the following CVE items:

Critical
CVE-2019-11516, CVE-2019-10539, CVE-2019-10540, CVE-2019-2176

High
CVE-2019-2294, CVE-2019-10509, CVE-2019-10538, CVE-2019-10499, CVE-2019-9506, CVE-2019-2127, CVE-2019-2123, CVE-2019-2174, CVE-2019-2175, CVE-2019-2103, CVE-2019-2177, CVE-2019-2115, CVE-2019-2178, CVE-2019-2179, CVE-2019-2180

Moderate
CVE-2018-9452

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2019-10489, CVE-2019-10492, CVE-2019-10510, CVE-2019-2124


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 17 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR September-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-13300: Authentication bypass for change of USB setting

Severity: High
Affected Versions: O(8.x), P(9.0)
Reported on: October 19, 2018
Disclosure status: Privately disclosed.
A vulnerability allows attackers to change USB configuration without authentication.
The patch blocks the circumvention of authentication.


SVE-2019-14575: Brute force attack on screen lock password

Severity: High
Affected Versions: O(8.x), P(9.0) devices with Exynos7885, Exynos8895, and Exynos9810 chipsets
Reported on: May 17, 2019
Disclosure status: Privately disclosed.
A vulnerable design in GateKeeper trustlet allows brute force attack on screen lock password.
The patch introduces failure count stored in the secure location.


SVE-2019-14858: Remote stack corruption in Shannon modem

Severity: Critical
Affected Versions: All devices with SMP1300 Exynos modem chipset and above
Reported on: June 17, 2019
Disclosure status: Privately disclosed.
An invalid length check of RP-Originator/Destination address allows remote stack corruption.
The patch adds the proper length check of RP-Originator/Destination address.


SVE-2019-14993: Heap overflow in up_parm binary

Severity: Critical
Affected Versions: N(7.x), O(8.x), P(9.0) with Exynos chipset
Reported on: July 1, 2019
Disclosure status: Privately disclosed.
An invalid length check of an image file in up_param binary allows code execution in bootloader.
The patch adds the proper length check of image.


SVE-2019-15035: FRP bypass using RCS call

Severity: Moderate
Affected Versions: P(9.0)
Reported on: July 8, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with RCS call.
The patch addressed the issue.


SVE-2019-15067: Use-after-free via race condition

Severity: Low
Affected Versions: O(8.x), P(9.0) devices with Exynos and Qualcomm chipsets
Reported on: July 10, 2019
Disclosure status: Publicly disclosed.
A Use-After-Free vulnerability due to race condition causes memory corruption.
The patch introduces synchronization points to avoid all possibility of a race condition.


SVE-2019-15089: FRP bypass using status bar

Severity: Moderate
Affected Versions: P(9.0)
Reported on: July 15, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with status bar.
The patch addressed the issue.


SVE-2019-15138: FRP bypass using Smart Switch

Severity: Moderate
Affected Versions: P(9.0), O(8.0), N(7.1)
Reported on: July 20, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with a Smart Switch application.
The patch addressed the issue.


SVE-2019-14885: Missing Param Type check in WVDRM Trustlet

Severity: Critical
Affected Versions: O(8.x) devices with TEEGRIS
Reported on: June 20, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in WVDRM Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14651 and SVE-2019-14666: Arbitrary memory overwrite and stack overflow in SEM Trustlet

Severity: Critical
Affected Versions: P(9.0) devices with TEEGRIS and Qualcomm chipsets
Reported on: May 24, 2019
Disclosure status: Privately disclosed.
A possible arbitrary memory overwrite and stack overflow in SEM Trustlet allows arbitrary code execution.
The patch adds size check logic of wsm data in SEM Trustlet.


SVE-2019-14939: Buffer overflow vulnerability when kernel parses untrusted data

Severity: Low
Affected Versions: O(8.1), P(9.0) Exynos devices
Reported on: June 24, 2019
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability exists in load_kernel when kernel parses untrusted data.
The patch adds length check code in load_kernel.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Valerio Brussani: SVE-2018-13300
- Chao Cheng Yu of TeamT5: SVE-2019-14575
- Aleksandr Tarasikov: SVE-2019-14993, SVE-2019-14939
- MIRCEA PASCA: SVE-2019-15035, SVE-2019-15089, SVE-2019-15138
- Salerno, Steven: SVE-2019-15067
- Che-Yang Wu of TeamT5: SVE-2019-14885
- Hung Chi Su of TeamT5: SVE-2019-14651 and SVE-2019-14666
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - August 2019 package. The Bulletin (August 2019) contains the following CVE items:

Critical
CVE-2019-2254, CVE-2019-2330, CVE-2019-2308, CVE-2019-2130, CVE-2017-13177, CVE-2019-10539, CVE-2019-10540

High
CVE-2019-2235, CVE-2019-2326, CVE-2019-2307, CVE-2019-2328, CVE-2019-2276, CVE-2019-2305, CVE-2019-2120, CVE-2019-2121, CVE-2019-2122, CVE-2019-2126, CVE-2019-2128, CVE-2019-2129, CVE-2019-2131, CVE-2019-2132, CVE-2019-2133, CVE-2019-2134, CVE-2019-2135, CVE-2019-2136, CVE-2019-2137, CVE-2017-13279, CVE-2019-2294, CVE-2019-10538

Moderate
CVE-2019-2125, CVE-2018-9350

Already included in previous updates
CVE-2019-2239, CVE-2019-2240, CVE-2019-2241, CVE-2019-2236

Not applicable to Samsung devices
CVE-2019-2237, CVE-2019-2238, CVE-2019-2334, CVE-2019-2327, CVE-2019-2346, CVE-2019-2253, CVE-2019-2322, CVE-2019-2278


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 25 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR August-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2019-13805: S Secure App Lock vulnerability

Severity: Low
Affected Versions: P(9.0) devices released in China and India
Reported on: January 9, 2019
Disclosure status: Privately disclosed.
A vulnerability in “S Secure” app, which is only released in China and India, allows users to access the content of “locked” app without password.
The patch addresses the issue.


SVE-2019-14059, SVE-2019-14685: Local SQL Injection in RCS Content Provider

Severity: Moderate
Affected Versions: N(7.x) O(8.x) P(9.0)
Reported on: February 28, 2019
Disclosure status: Privately disclosed.
Third-party apps are able to perform arbitrary SQL queries via injection vector in RCS content provider.
The patch prevents SQL injection.


SVE-2019-14061: Local SQL Injection in Wi-Fi history Content Provider

Severity: Low
Affected Versions: N(7.x) O(8.x) P(9.0)
Reported on: February 28, 2019
Disclosure status: Privately disclosed.
Third-party apps are able to perform arbitrary SQL queries via injection vector Wi-Fi history content provider.
The patch prevents SQL injection.


SVE-2019-14204: Vulnerability in the handshake of WPA3

Severity: Moderate
Affected Versions: P(9.0)
Reported on: March 29, 2019
Disclosure status: Privately disclosed.
This vulnerability may weaken WPA3 security protection due to gaps in the implementation of the WPA3 specification to allow potential downgrade and/or dictionary attack.
The patch addresses the issue.


SVE-2019-14365: Exported and SQLi vulnerable MemorySaver Content Provider

Severity: Moderate
Affected Versions: P(9.0)
Reported on: April 26, 2019
Disclosure status: Privately disclosed.
A vulnerability in MemorySaver allows access to content provider database from unprivileged process.
The patch adds the permission of the content provider.


SVE-2019-14372: SMMU page fault in MALI GPU Driver

Severity: Low
Affected Versions: P(9.0) devices with Exynos chipsets
Reported on: April 29, 2019
Disclosure status: Privately disclosed.
An invalid address mapping in AFBC buffer allows corruption of memory resulting in kernel panic.
The patch modifies to map the address properly.


SVE-2019-14412: Buffer overflow Vulnerability when loading UH Partition

Severity: Low
Affected Versions: P(9.0) devices with Exynos 9820 chipset
Reported on: July 17, 2019
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability in secure boot allows arbitrary memory issues.
The patch adds size check logic and integrity check logic in secure boot code.


SVE-2019-14462: Gallery Bug of Location information settings

Severity: Low
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: May 12, 2019
Disclosure status: Privately disclosed.
A vulnerability in Gallery results in acceptance of T&C for Location information sharing without secure lock screen authentication.
The patch modifies the lock state check logic to enforce authentication in the T&C for Gallery Location information sharing.


SVE-2019-14651, SVE-2019-14666: Arbitrary memory overwrite and stack overflow in SEM Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with Exynos chipsets
Reported on: July 17, 2019
Disclosure status: Privately disclosed.
A possible arbitrary memory overwrite and stack overflow vulnerabilities in SEM Trustlet allows arbitrary code execution.
The patch adds size check logic of wsm data in SEM Trustlet.


SVE-2019-14653: Secure Folder Motion photo bug

Severity: Moderate
Affected Versions: P(9.0)
Reported on: May 25, 2019
Disclosure status: Privately disclosed.
A vulnerability in Motion photo player allows access to image information protected by Secure folder on normal state.
The patch integrates the layer of Motion photo player with Gallery layer on recent app view.


SVE-2019-14665: Stack overflow in HDCP Trustlet

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: May 27, 2019
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability in HDCP Trustlet allows potential arbitrary code execution.
The patch adds proper check of input data in trustlet.


SVE-2019-14764: Arbitrary file create with system-app privilege

Severity: Moderate
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: June 7, 2019
Disclosure status: Privately disclosed.
A vulnerability in FotaAgent allows creating privileged files without proper permission from unprivileged process.
The patch adds proper permission check on FotaAgent to address the vulnerability.


SVE-2019-14837: Use after free in ion driver

Severity: High
Affected Versions: O(8.x), P(9.0) devices with Exynos9810 chipsets
Reported on: June 13, 2019
Disclosure status: Privately disclosed.
A possible use after free vulnerability exists in ion driver.
The patch removes vulnerable logic in ion driver.


SVE-2019-14847: Missing Param Type check in EXT_FR Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 14, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in EXT_FR Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14850: Missing Param Type check in HDCP Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 16, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in HDCP Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14851: Missing Param Type check in SEC_FR Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 16, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in SEC_FR Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14864: Missing Param Type check in FINGERPRINT Trustlet

Severity: Critical
Affected Versions: O(8.1), P(9.0) devices with TEEGRIS
Reported on: June 18, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in FINGERPRINT Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14867: Missing Param Type check in MLDAP Trustlet

Severity: Critical
Affected Versions: O(8.1), P(9.0) devices with TEEGRIS
Reported on: June 18, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in MLDAP Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14885: Missing Param Type check in WVDRM Trustlet

Severity: Critical
Affected Versions: P(9.0) devices with TEEGRIS
Reported on: June 20, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in WVDRM Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14891: Missing Param Type check in SEM Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 21, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in SEM Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14892: Missing Param Type check in SKPM Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 21, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in SKPM Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.



Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Niraj Khatiwada: SVE-2019-13805
- Calum Hutton: SVE-2019-14059, SVE-2019-14061
- Vanhoef, Mathy: SVE-2019-14204
- Julien Thomas: SVE-2019-14365, SVE-2019-14685
- Aleksandr Tarasikov: SVE-2019-14372, SVE-2019-14412
- Bogdan: SVE-2019-14462, SVE-2019-14653
- Hung Chi Su of TeamT5: SVE-2019-14651, SVE-2019-14666, SVE-2019-14891
- Chao Cheng Yu of TeamT5: SVE-2019-14665
- Che-Yang Wu of TeamT5: SVE-2019-14847, SVE-2019-14850, SVE-2019-14851, SVE-2019-14864, SVE-2019-14867, SVE-2019-14885, SVE-2019-14892
- Edward Flanker: SVE-2019-14764
- Nicolas Brito: SVE-2019-14837
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - July 2019 package. The Bulletin (July 2019) contains the following CVE items:

Critical
CVE-2019-2279, CVE-2019-2252, CVE-2019-2287, CVE-2018-13927, CVE-2018-13924, CVE-2019-2269, CVE-2019-2106, CVE-2019-2107, CVE-2019-2109, CVE-2019-2111

High
CVE-2019-2101, CVE-2018-13896, CVE-2019-2261, CVE-2019-2260, CVE-2019-2292, CVE-2018-9526, CVE-2019-2104, CVE-2019-2105, CVE-2019-2112, CVE-2019-2113, CVE-2019-2116, CVE-2019-2117, CVE-2019-2118, CVE-2019-2119

Moderate
None

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2019-6496, CVE-2019-2243


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 13 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR July-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2019-13952: Integer underflow in Secure Storage Trustlet

Severity: High
Affected Versions: O(8.0) devices with Qualcomm SDM660 chipset
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
A possible invalid input check vulnerability exists in Secure Storage trustlet allowing a potential integer underflow.
The patch adds size check logic in the Trustlet.


SVE-2019-14058: Local SQL Injection in Gear VR Service Content Provider

Severity: Moderate
Affected Versions: N(7.x) O(8.x) P(9.0)
Reported on: February 28, 2019
Disclosure status: Privately disclosed.
Third-party apps are able to perform arbitrary SQL queries via injection vector under the context of the app hosting the content provider.
The patch prevents SQL query strings using parameterized bound variables to mitigate injection.


SVE-2019-14062: Local SQL Injection in Story Video Editor Content Provider

Severity: High
Affected Versions: N(7.x) O(8.x) P(9.0)
Reported on: February 28, 2019
Disclosure status: Privately disclosed.
Third-party apps are able to perform arbitrary SQL queries via injection vector under the context of the app hosting the content provider.
The patch prevents SQL query strings using parameterized bound variables to mitigate injection.


SVE-2019-14208: Leaking Private Mode thumbnail contents

Severity: Moderate
Affected Versions: Select N(7.x), O(8.x) devices
Reported on: April 1, 2019
Disclosure status: Privately disclosed.
A vulnerability in Gallery allows leaking of contents in Private Mode even when Private Mode is disabled.
The patch moves the cache file to the application's sandbox.


SVE-2019-14371: Memory Overflow in Bootloader

Severity: Critical
Affected Versions: O(8.1), P(9.0) devices with Exynos chipsets
Reported on: April 29, 2019
Disclosure status: Privately disclosed.
A heap overflow vulnerability in bootloader can lead to memory issues.
The patch adds length check code in the bootloader.


SVE-2019-14545: Bluetooth on/off without permission

Severity: Low
Affected Versions: P(9.0)
Reported on: May 15, 2019
Disclosure status: Privately disclosed.
A vulnerability in Quick Panel allows turning on or turning off of Bluetooth without authentication in the secure lock screen state.
The patch modifies the lock state check logic to enforce authentication in Bluetooth Quick Panel.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Slava Makkaveev of Check Point: SVE-2019-13952
- Calum Hutton: SVE-2019-14058, SVE-2018-14062
- Andr. Ess: SVE-2019-14208, SVE-2019-14545
- Aleksandr Tarasikov: SVE-2019-14371
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - June 2019 package. The Bulletin (June 2019) contains the following CVE items:

Critical
CVE-2019-2256, CVE-2018-5912, CVE-2018-13898, CVE-2019-2255, CVE-2019-2093, CVE-2019-2094, CVE-2019-2095, CVE-2019-2097

High
CVE-2019-2257, CVE-2018-13906, CVE-2018-13908, CVE-2018-13907, CVE-2018-13902, CVE-2018-13910, CVE-2018-13909, CVE-2018-13911, CVE-2018-13919, CVE-2018-5913, CVE-2019-2259, CVE-2018-11955, CVE-2019-2090, CVE-2019-2091, CVE-2019-2092, CVE-2019-2096, CVE-2019-2102, CVE-2019-2098, CVE-2019-2099

Moderate
CVE-2019-2054

Already included in previous updates
CVE-2018-19860

Not applicable to Samsung devices
CVE-2018-13901, CVE-2018-6243


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 11 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR June-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2019-13958: Information disclosure in GateKeeper Trustlet

Severity: High
Affected Versions: N(7.x), O(8.x) devices with Exynos chipsets
Reported on: February 6, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability in Gatekeeper Trustlet allows information disclosure, and it can lead to memory leak.
The patch adds the proper input validation in Gatekeeper Trustlet.


SVE-2019-13952: Integer underflow in Secure Storage Trustlet

Severity: High
Affected Versions: O(8.x), P(9.0) devices with Qualcomm chipsets
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
A possible invalid input check vulnerability exists in Secure Storage Trustlet.
The patch adds size check logic in the Trustlet.


SVE-2019-14170: Information Leak from SPENgesture Service

Severity: Moderate
Affected Versions: N(7.1), O(8.x), P(9.0)
Reported on: March 21, 2019
Disclosure status: Privately disclosed.
A vulnerability in SPENgesture allows unprivileged applications to obtain and modify user input logs.
The patch adds signature check of the caller.


SVE-2019-14550: Use of insecure HTTP link in Galaxy store

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.x)
Reported on: April 9, 2019
Disclosure status: Privately disclosed.
Selected apps in Galaxy store sends request URL to check update availability over HTTP allowing an adversary Man-in-the-Middle (MitM) attack to download arbitrary apps.
The patch fixes the app update checking URL to HTTPS.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Akimov Andrei Valerievich: SVE-2019-13958
- Slava Makkaveev of Check Point: SVE-2019-13952
- Yousra Aafer of University of Waterloo: SVE-2019-14170
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - May 2019 package. The Bulletin (May 2019) contains the following CVE items:

Critical
CVE-2018-13886, CVE-2018-11271, CVE-2018-11940, CVE-2019-2044, CVE-2019-2045, CVE-2019-2046, CVE-2019-2047

High
CVE-2018-11299, CVE-2018-11828, CVE-2018-11870, CVE-2018-11859, CVE-2018-11872, CVE-2018-11884, CVE-2018-11873, CVE-2018-11853, CVE-2018-11871, CVE-2018-11880, CVE-2018-11822, CVE-2018-11861, CVE-2018-11877, CVE-2018-11850, CVE-2018-11849, CVE-2018-11874, CVE-2018-11821, CVE-2018-11875, CVE-2018-11856, CVE-2018-11867, CVE-2018-11882, CVE-2018-11854, CVE-2018-11862, CVE-2018-11904(A-111125111, A-111126462, A-111126531, A-111127063, A-111127792, A-111127854, A-111127907, A-111127908, A-111127947, A-111127970, A-111127971, A-111127985, A-111127986, A-111127988, A-111128007, A-111128243, A-111128419, A-111128479, A-111128619, A-111128638, A-111128639, A-111128836, A-111128839, A-111128875, A-111129383), CVE-2018-11851, CVE-2018-11840, CVE-2018-11902, CVE-2018-11826, CVE-2018-11894, CVE-2018-11860, CVE-2018-11868, CVE-2018-11827, CVE-2018-11891, CVE-2018-11869, CVE-2018-11897, CVE-2018-11895, CVE-2018-11923, CVE-2018-11927, CVE-2018-11953, CVE-2018-11937, CVE-2018-11925, CVE-2018-11924, CVE-2018-11949, CVE-2018-11930, CVE-2018-11928, CVE-2018-11968, CVE-2018-12005, CVE-2018-13885, CVE-2018-11967(A-119052960), CVE-2017-17772, CVE-2018-5855, CVE-2019-2041, CVE-2019-2049, CVE-2019-2050, CVE-2019-2051, CVE-2019-2052, CVE-2019-2053

Moderate
CVE-2018-11819, CVE-2016-2428, CVE-2019-2043

Already included in previous updates
CVE-2018-12004, CVE-2018-11976, CVE-2018-12013, CVE-2018-12012, CVE-2018-13887, CVE-2018-11294, CVE-2018-11876, CVE-2018-11967(A-119049704), CVE-2018-13920

Not applicable to Samsung devices
CVE-2019-2250, CVE-2018-11291, CVE-2018-11879, CVE-2018-11904(A-111125545, A-111127791, A-111127873, A-111127906, A-111127909, A-111127972, A-111127987, A-111128008, A-111128009, A-111128242, A-111128245, A-111128576, A-111128577, A-111128616, A-111128617, A-111128636, A-111128796, A-111128835, A-111128837, A-111129693), CVE-2018-11889, CVE-2018-11878, CVE-2018-11905, CVE-2018-11936, CVE-2018-13925, CVE-2019-2244, CVE-2018-13895, CVE-2019-2245


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 21 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR May-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-12896, SVE-2018-12897: Keyboard learned words and clipboard contents are leaked on the lock screen via Bixby

Severity: Moderate
Affected Versions: Selected O(8.x) devices
Reported on: September 26, 2018
Disclosure status: Privately disclosed.
This vulnerability allows access to keyboard learned words and clipboard contents via Bixby.
The patch removes options for showing learned words and editing text from the keyboard while the devices are locked.


SVE-2018-13326: Vulnerability of secured notifications when using Voice Assistant

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.0) devices
Reported on: October 25, 2018
Disclosure status: Privately disclosed.
When the voice assistant is turned on, the secured app’s notification content becomes audible outside of container.
The patch modifies the voice assistant not to notify the secured app’s notifications.


SVE-2019-13958: Information disclosure in GateKeeper Trustlet

Severity: High
Affected Versions: P(9.0) devices with Exynos chipsets
Reported on: February 6, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability in Gatekeeper Trustlet allows information disclosure, and it can lead to memory leak.
The patch adds the proper input validation in Gatekeeper Trustlet.


SVE-2019-13921-1: A use-after-free vulnerability exists within the MALI GPU driver

Severity: High
Affected Versions: O(8.0), P(9.0) devices with Exynos8890 chipset
Reported on: January 31, 2019
Disclosure status: Privately disclosed.
A vulnerability in MALI GPU driver allows arbitrary kernel read/write.
The patch removes vulnerable logic in MALI GPU driver.


SVE-2019-13921-2: RKP Memory Corruption

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos7570, 7580, 7870, 7880, 8890 chipsets
Reported on: January 31, 2019
Disclosure status: Privately disclosed.
A vulnerability in RKP allows arbitrary write to protected memory.
The patch fixes memory mapping logic in RKP.


SVE-2019-13949: NULL dereference in Authnr Trustlet

Severity: Low
Affected Versions: N(7.x), O(8.0), P(9.0) devices with Qualcomm chipsets
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability in Authnr Trustlet allows null pointer dereference leading to a possible crash.
The patch adds the proper input validation in Authnr Trustlet.


SVE-2019-13950: NULL dereference in ESECOMM Trustlet

Severity: Low
Affected Versions: N(7.x), O(8.0), P(9.0) devices with Qualcomm chipsets
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability in ESECOMM Trustlet allows null pointer dereference leading to a possible crash.
The patch adds the proper input validation in ESECOMM Trustlet.


SVE-2019-13952: Integer Underflow in Secure Storage Trustlet

Severity: High
Affected Versions: O(8.x), P(9.0) devices with Qualcomm(MSM8998, SDM845, SM8150) chipsets
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability exists in Secure Storage Trustlet.
The patch adds the proper input validation in Secure Storage Trustlet.


SVE-2019-14008: Security issue in Secure Folder

Severity: Moderate
Affected Versions: O(8.x), P(9.0) devices
Reported on: February 11, 2019
Disclosure status: Privately disclosed.
A vulnerability allows access to Secure folder without authentication via adb command.
The patch blocks access to Secure folder via adb command while Secure folder is locked.


SVE-2019-14031: Gallery Security Issue

Severity: Low
Affected Versions: O(8.x) devices
Reported on: February 23, 2019
Disclosure status: Privately disclosed.
A vulnerability disables Gallery application permanently.
The patch addresses the issue.


SVE-2019-14071: Remote memory overflow in Shannon modem

Severity: Critical
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: March 2, 2019
Disclosure status: Privately disclosed.
A heap overflow vulnerability in baseband can lead to memory issues.
The patch adds length check code in the baseband code.


SVE-2019-14073: Potential Phishing Flow in OMACP

Severity: High
Affected Versions: All devices with all OS versions
Reported on: March 4, 2019
Disclosure status: Privately disclosed.
A vulnerability in OMACP application allows attackers to send manipulated OMCP message to change the network and internet settings in the device via phishing campaigns.
The patch blocks devices from receiving insecure OMACP message.


SVE-2019-14126: Heap overflow in the keymaster Trustlet

Severity: Critical
Affected Versions: N(7.x) O(8.x) P(9.0) devices with MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, Exynos8895 chipset
Reported on: March 13, 2019
Disclosure status: Privately disclosed.
A heap overflow in the keymaster Trustlet allows attackers to write memory in TEE, and it can lead to arbitrary code execution in a privileged process.
The patch adds boundary checks in Keymaster Trustlet.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Bogdan: SVE-2018-12896, SVE-2018-12897
- Aleksandr Ruiz: SVE-2018-13326
- Andrei Akimov of Digital Security: SVE-2019-13958, SVE-2019-14126
- Gruskovnjak Jordan: SVE-2019-13921
- Slava Makkaveev of Check Point: SVE-2019-13949, SVE-2019-13950, SVE-2019-13952 
- James Dean working with Zero Day Initiative: SVE-2019-14008
- Julian Jackson: SVE-2019-14031
- Artyom Skrobov of Check Point: SVE-2019-14073
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Apr 2019 package. The Bulletin (Apr 2019) contains the following CVE items:

Critical
CVE-2018-11817, CVE-2018-11958, CVE-2019-2027, CVE-2019-2028, CVE-2019-2029

High
CVE-2018-11970, CVE-2018-11966, CVE-2018-11971, CVE-2018-10879, CVE-2019-2025, CVE-2018-10883, CVE-2018-13899, CVE-2018-13917, CVE-2019-2023, CVE-2019-2003, CVE-2019-2026, CVE-2019-2030, CVE-2019-2031, CVE-2019-2032, CVE-2019-2033, CVE-2019-2034, CVE-2019-2035, CVE-2019-2037, CVE-2019-2038, CVE-2019-2039, CVE-2019-2040

Moderate
None

Already included in previous updates
CVE-2018-13918, CVE-2017-8252(A-79419898, A-79420414)

Not applicable to Samsung devices
CVE-2019-2024, CVE-2017-8252(A-112277630, A-112279542, A-114041175)


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 15 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Apr-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-13164, SVE-2018-13165: Change of protected features without authentication via Emergency mode

Severity: Moderate
Affected Versions: N(7.x), O(8.x), P(9.0) devices
Reported on: October 9, 2018
Disclosure status: Privately disclosed.
Improper startup procedure in Emergency mode allows unauthorized users to accept Emergency mode EULA instead of the device owner and disable some protected features without any prior authentication.
The patch adds authentication procedure before it starts Emergency mode.


SVE-2019-13899: Smartwatch bug

Severity: High
Affected Versions: P(9.0) devices
Reported on: January 25, 2019
Disclosure status: Privately disclosed.
A vulnerability in Secure Folder allows to show the Secure Folder notification content in smartwatch.
The patch adds the notification ID check and reject if it comes from Secure Folder.


SVE-2019-13910: Arbitrary code execution in Trustlet

Severity: Critical
Affected Versions: N(7.X), O(8.X) devices with Exynos 7570, 7870, 7880, 7885, 8890, 8895, 9810 chipsets
Reported on: January 29, 2019
Disclosure status: Privately disclosed.
Double-fetch vulnerability in Trustlet allows arbitrary code execution in the TEE.
The patch addresses the double-fetch vulnerability in the Trustlet.


SVE-2019-13963: Stack overflow in Baseband

Severity: Critical
Affected Versions: N(7.x), O(8.x), Go(8.1), P(9.0), Go(9.0) devices with Exynos chipsets
Reported on: February 5, 2019
Disclosure status: Privately disclosed.
A stack overflow vulnerability in baseband allows arbitrary code execution.
The patch adds length check code in the baseband code.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Andr. Ess : SVE-2018-13164, SVE-2018-13156
- Bogdan: SVE-2019-13899
- Eloi Sanfelix : SVE-2019-13910
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Mar 2019 package. The Bulletin (Mar 2019) contains the following CVE items:

Critical
CVE-2018-11262, CVE-2018-11289, CVE-2018-11820, CVE-2018-11938, CVE-2018-11945, CVE-2019-1989, CVE-2019-1990, CVE-2019-2009

High
CVE-2018-10879, CVE-2019-1999, CVE-2019-2000, CVE-2019-2001, CVE-2018-11280, CVE-2018-13900, CVE-2018-13905, CVE-2018-11268, CVE-2018-11845, CVE-2018-11864, CVE-2018-11921, CVE-2018-11931, CVE-2018-11932, CVE-2018-11935, CVE-2018-11948, CVE-2018-5839, CVE-2018-13904, CVE-2018-20346, CVE-2019-1985, CVE-2019-2004, CVE-2019-2006, CVE-2019-2007, CVE-2019-2008, CVE-2019-2010, CVE-2019-2011, CVE-2019-2012, CVE-2019-2013, CVE-2019-2014, CVE-2019-2015, CVE-2019-2016, CVE-2019-2017, CVE-2019-2018, CVE-2018-9561, CVE-2018-9563, CVE-2018-9564, CVE-2019-2019, CVE-2019-2020, CVE-2019-2021, CVE-2019-2022

Moderate
CVE-2019-2005

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2018-6271, CVE-2018-6267, CVE-2018-6268, CVE-2016-6684, CVE-2018-11275


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 11 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Mar-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-13162: TCP SYN Packet Denial of Service Vulnerability on the WIFI interface

Severity: High
Affected Versions: N(7.x), O(8.x) devices with Broadcom WIFI and SEC WIFI chipsets
Reported on: October 9, 2018
Disclosure status: Privately disclosed.
A vulnerability in WIFI allows denial of service due to memory exhaustion from TCP SYN flooding attack.
The patch prevents memory exhaustion when TCP SYN flooding attack is detected.


SVE-2018-13452: Time based SQL injection in Contacts

Severity: High
Affected versions: N(7.x), O(8.x) devices
Reported on: November 11, 2018
Disclosure status: Privately disclosed.
A possible time-based SQL injection vulnerability in Contacts application allows unauthorized access to contact information.
The patch adds placeholder to prevent SQL injection in Contacts application.


SVE-2018-13453: Unauthorized access to sensitive information in Allshare

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.0) devices
Reported on: November 11, 2018
Disclosure status: Privately disclosed.
A vulnerability in Allshare fileshare service allows unauthorized access to device sensitive information.
The patch modifies the storage path of device information to sandboxed area for protection.


SVE-2018-13467: Heap Overflow in Baseband(SS ASN Decoding)

Severity: Critical
Affected versions: O(8.x) devices with Exynos chipsets
Reported on: November 13, 2018
Disclosure status: Privately disclosed.
A possible heap overflow vulnerability in baseband allows arbitrary code execution.
The patch adds length check code in the baseband.


SVE-2018-13547: FRP bypass using SVoice T&C

Severity: Low
Affected Versions: N(7.x), O(8.x) devices
Reported on: November 21, 2018
Disclosure status: Privately disclosed.
External link exposure in SVoice T&C allows Factory Reset Protection (FRP) bypass.
The patch prevents access to the specific link by removing the URL in T&C.


SVE-2018-13563: Leakage of private mode content’s thumbnail

Severity: Moderate
Affected versions: Selected N(7.x), O(8.x) devices which supports Private Mode
Reported on: November 27, 2018
Disclosure status: Privately disclosed.
A vulnerability in Gallery leaks Private Mode thumbnail contents.
The patch modifies handling of cache file to disabled access to Private Mode.


SVE-2018-13764: Preview exposure of Secure Folder

Severity: Moderate
Affected versions: P(9.0) devices
Reported on: December 28, 2018
Disclosure status: Privately disclosed.
A vulnerability in Secure Folder allows exposure of preview in recent apps.
The patch fixes Secure Folder to protect preview in recent apps.


SVE-2018-13765: Unpinning of app without authentication

Severity: Moderate
Affected versions: P(9.0) devices
Reported on: December 28, 2018
Disclosure status: Privately disclosed.
A vulnerability in Pin Window feature allows unpinning of app without authentication.
The patch fixes Pin Window to enforce authentication when unpinning app.


SVE-2019-13773: Secure startup bug

Severity: Moderate
Affected versions: P(9.0) devices
Reported on: January 3, 2019
Disclosure status: Privately disclosed.
A vulnerability in Secure Startup feature allows exposure of keyboard suggested words.
The patch blocks Samsung Keyboard from showing suggested words in the Secure Startup.


SVE-2019-13814, SVE-2019-13815: Security setting modifications without authentication

Severity: High
Affected versions: P(9.0) devices
Reported on: January 12, 2019
Disclosure status: Privately disclosed.
A vulnerability in Settings allows security settings modifications without authentication via certain unprivileged activities.
The patch fixes Settings to protect component from unprivileged activities.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Jelmer de Hen: SVE-2018-13452
- Pholwongsa, Voottisak: SVE-2018-13547
- Andr. Ess: SVE-2018-13453, SVE-2018-13563
- Bogdan: SVE-2018-13764, SVE-2018-13765, SVE-2019-13773, SVE-2019-13814, SVE-2019-13815
- Pierre Barre and Chaouki Kasmi from DarkMatter: SVE-2018-13162
- Fluoroacetate working with Zero Day Initiative: SVE-2018-13467
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Feb 2019 package. The Bulletin (Feb 2019) contains the following CVE items:

Critical
CVE-2019-1986, CVE-2019-1987, CVE-2019-1988, CVE-2019-1991, CVE-2019-1992

High
CVE-2018-13405, CVE-2018-10876, CVE-2018-10877, CVE-2018-10882, CVE-2018-18281, CVE-2018-12014, CVE-2017-17760, CVE-2018-5268, CVE-2018-5269, CVE-2019-1993, CVE-2019-1994, CVE-2019-1996, CVE-2019-1997, CVE-2019-1998

Moderate
CVE-2017-18009

Already included in previous updates
CVE-2018-11847, CVE-2018-17182, CVE-2018-11888, CVE-2018-11962, CVE-2018-13889

Not applicable to Samsung devices
CVE-2018-10880, CVE-2018-6241, CVE-2018-13888, CVE-2019-1995


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 12 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Feb-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-13187: Heap overflow in Baseband

Severity: Critical
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: October 15, 2018
Disclosure status: Privately disclosed.
A possible heap overflow vulnerability in baseband may cause memory issues.
The patch adds length check code in the baseband.


SVE-2018-13188: Stack overflow in Baseband

Severity: Critical
Affected versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: October 15, 2018
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability in baseband allows arbitrary code execution.
The patch adds length check code in the baseband.


SVE-2018-13060: Possible uninitialized memory disclosure in Gallery

Severity: Low
Affected Versions: N(7.1), O(8.x), P(9.0) devices
Reported on: September 26, 2018
Disclosure status: Privately disclosed.
A vulnerability in the library that parses the images exposes memory when opening images via Gallery app.
The patch addresses the memory exposure in Gallery app.


SVE-2018-12981: Keyboard learned words are leaked on the lock screen via S-Voice

Severity: Moderate
Affected versions: N(7.x), O(8.x) devices
Reported on: September 9, 2018
Disclosure status: Privately disclosed.
A vulnerability in Keyboard allows access to learned words via S-Voice in the locked state.
The patch blocks access to Keyboard’s learned words in the lock screen.


SVE-2018-13427: Information disclosure in the ion debugfs driver

Severity: Low
Affected Versions: N(7.1), O(8.x) devices with Exynos chipsets
Reported on: November 5, 2018
Disclosure status: Privately disclosed.
A possible information leak vulnerability exists in the ion debugfs driver.
The patch prevents output of kernel driver in the kernel log.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Belchenko Artem: SVE-2018-13060
- Bogdan: SVE-2018-12981
- Jianqiang Zhao: SVE-2018-13427
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Jan 2019 package. The Bulletin (Jan 2019) contains the following CVE items:

Critical
CVE-2018-11279, CVE-2017-8248, CVE-2018-9583

High
CVE-2017-18160, CVE-2018-9568, CVE-2018-11963,CVE-2018-11960, CVE-2018-9565, CVE-2017-18329, CVE-2017-18326, CVE-2017-18321,CVE-2017-18323,CVE-2017-18324,CVE-2017-18332,CVE-2017-18319,CVE-2017-18322,CVE-2017-18328, CVE-2018-5915,CVE-2018-9582,CVE-2018-9584,CVE-2018-9585,CVE-2018-9586,CVE-2018-9587,CVE-2018-9588,CVE-2018-9589,CVE-2018-9590,CVE-2018-9591,CVE-2018-9592,CVE-2018-9593,CVE-2018-9594

Moderate
None

Already included in previous updates
CVE-2018-11267, CVE-2018-11961, CVE-2018-10840, CVE-2018-5869, CVE-2017-18320, CVE-2017-11004, CVE-2017-18141, CVE-2017-8276, CVE-2018-3595, CVE-2017-18330, CVE-2018-11999, CVE-2018-5868, CVE-2018-5867, CVE-2017-18331, CVE-2017-18327, CVE-2017-5754, CVE-2018-5913

Not applicable to Samsung devices
CVE-2018-11922, CVE-2018-9567


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 4 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jan-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-13162: TCP SYN Packet Denial Of Service Vulnerability on the WIFI interface

Severity: High
Affected Versions: N(7.0), O(8.x) devices with Exynos9810 chipset
Reported on: October 9, 2018
Disclosure status: Privately disclosed.
A vulnerability in WIFI allows denial of service due to memory exhaustion from TCP SYN flooding attack.
The patch prevents memory exhaustion when TCP SYN flooding attack is detected.


SVE-2018-13467: Heap Overflow in Baseband (SS ASN Decoding)

Severity: Critical
Affected versions: O(8.x) devices with Exynos9810 chipset
Reported on: November 13, 2018
Disclosure status: Privately disclosed.
A possible heap overflow vulnerability in baseband allows arbitrary code execution.
The patch adds length check code in the baseband.


SVE-2018-13474: Captive Portal redirection vulnerability

Severity: Moderate
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: November 13, 2018
Disclosure status: Privately disclosed.
A vulnerability in Captive Portal allows automatic redirection to unsafe applications.
The patch blocks handling of custom scheme in Captive Portal to prevent automatic redirection.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Pierre Barre and Chaouki Kasmi from DarkMatter: SVE-2018-13162
- Fluoroacetate working with Zero Day Initiative: SVE-2018-13467
- MWR Labs working with Zero Day Initiative: SVE-2018-13474