Your choice regarding cookies on this site

This site uses cookies to provide you the best user experience possible with optimized functionality. By continuing to use this site, you accept our use of cookies

Accept
Go straight to the menu Go straight to the text
Home>Security Updates>Firmware Updates

Security Updates

2021Open selected window by year

Close selected window by year
January February March April May

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can be rest assured the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.

Acknowledgements

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – May 2021 package. The Bulletin (May 2021) contains the following CVE items:

Critical
CVE-2021-0473, CVE-2021-0474, CVE-2021-0475

High
CVE-2020-25705, CVE-2020-11246, CVE-2020-11234, CVE-2020-15436, CVE-2020-29368, CVE-2020-11251, CVE-2020-11236, CVE-2020-11247, CVE-2020-11237, CVE-2020-11191, CVE-2020-11255, CVE-2020-11243, CVE-2021-0445, CVE-2021-0428, CVE-2021-0472, CVE-2021-0485, CVE-2021-0487, CVE-2021-0482, CVE-2021-0484, CVE-2021-0476, CVE-2021-0477, CVE-2021-0481, CVE-2021-0466, CVE-2021-0480

Moderate
CVE-2021-0375, CVE-2021-0387, CVE-2021-0369, CVE-2021-0382, CVE-2021-0368, CVE-2021-0374, CVE-2021-0378, CVE-2021-0379, CVE-2021-0384, CVE-2021-0370, CVE-2021-0372, CVE-2021-0377, CVE-2021-0380, CVE-2021-0383, CVE-2021-0386, CVE-2021-0388, CVE-2021-0371

Already included in previous updates
CVE-2020-11242, CVE-2020-11245, CVE-2020-11210, CVE-2020-11252, CVE-2020-11292*

*Select devices have been patched since January of 2021


Not applicable to Samsung devices
CVE-2021-0468


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 23 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR May-2021 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-20636 (CVE-2021-25388): Arbitray app installation vulnerability in Knox Core

Severity: High
Affected versions: R(11.0)
Reported on: February 16, 2021
Disclosure status: Privately disclosed
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.
The patch restricts privilege of app that calls Knox Core.


SVE-2021-20690 (CVE-2021-25392): Possible to access notification policy file of DeX

Severity: Moderate
Affected versions: P(9.0), Q(10.0) , R(11.0)
Reported on: February 14, 2021
Disclosure status: Privately disclosed
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
The patch removes the vulnerable code.


SVE-2021-20731 (CVE-2021-25393): Possible to read/write access to arbitrary files as system user

Severity: High
Affected versions: Q(10.0) , R(11.0)
Reported on: February 18, 2021
Disclosure status: Privately disclosed
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
The patch sanitizes incoming Intent before passing it to caller.


SVE-2021-20167 (CVE-2021-25394), SVE-2021-20168 (CVE-2021-25395): UAF in mfc charger driver

Severity: Moderate
Affected versions: Selected O(8.1), P(9.0), Q(10.0), R(11.0) Exynos and Qualcomm devices
Reported on: December 31, 2020
Disclosure status: Privately disclosed
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
The patch adds proper synchronization points to avoid all possibility of a race condition.


SVE-2021-20511 (CVE-2021-25396): Arbitrary memory write in the Neural Processing Unit Firmware

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos9820, 9830, 980, 2100 chipsets
Reported on: January 31, 2021
Disclosure status: Privately disclosed
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.
The patch fixes incorrect implementation of NPU firmware.


SVE-2021-20716 (CVE-2021-25397): Arbitrary file write int TelephonyUI

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0) devices
Reported on: February 16, 2021
Disclosure status: Privately disclosed
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
The patch adds the proper permission check to prevent improper access to TelephonyUI.


SVE-2021-20204 (CVE-2021-25389): Authentication bypass in S Secure

Severity: Low
Affected versions: P(9.0)
Reported on: January 6, 2021
Disclosure status: Privately disclosed
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.
The patch modifies the logic that check running process.


SVE-2021-20724 (CVE-2021-25390): Intent redirection in PhotoTable

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: February 17, 2021
Disclosure status: Privately disclosed
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
The patch restricts apps that can call PhotoTable.


SVE-2021-20500 (CVE-2021-25391): Intent redirection in Secure Folder

Severity: Moderate
Affected versions: R(11.0)
Reported on: January 29, 2021
Disclosure status: Privately disclosed
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
The patch restricts apps that can call SecureFolder.


SVE-2021-20154 (CVE-2021-25383): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 3, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-20183 (CVE-2021-25384): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 5, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-20184 (CVE-2021-25385): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 5, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-20185 (CVE-2021-25386): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 5, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-20202 (CVE-2021-25387): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 6, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.



Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Sergey Toshin of Oversecured Inc: SVE-2021-20636, SVE-2021-20690, SVE-2021-20731, SVE-2021-20716, SVE-2021-20724, SVE-2021-20500
Maxime Peterlin: SVE-2021-20511
Harsh Tyagi: SVE-2021-20204
Le Wu of Baidu Security: SVE-2021-20154, SVE-2021-20183, SVE-2021-20184, SVE-2021-20185, SVE-2021-20202
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – April 2021 package. The Bulletin (April 2021) contains the following CVE items:

Critical
CVE-2020-11204, CVE-2020-11228, CVE-2020-11218, CVE-2020-11192, CVE-2020-11227, CVE-2021-0430

High
CVE-2020-11178, CVE-2020-11165, CVE-2020-11195, CVE-2020-11198, CVE-2020-11194, CVE-2020-11220, CVE-2020-11199, CVE-2020-11221, CVE-2020-11308, CVE-2020-11290, CVE-2020-11309, CVE-2020-11186, CVE-2020-11226, CVE-2020-11171, CVE-2020-11222, CVE-2020-11188, CVE-2020-11190, CVE-2020-11189, CVE-2020-11166, CVE-2021-0399, CVE-2021-0400, CVE-2021-0426, CVE-2021-0427, CVE-2021-0432, CVE-2021-0438, CVE-2021-0439, CVE-2021-0442, CVE-2021-0443, CVE-2021-0444, CVE-2021-0338, CVE-2021-0437, CVE-2021-0436, CVE-2021-0471, CVE-2021-0429, CVE-2021-0433, CVE-2021-0431, CVE-2021-0435

Moderate
None

Already included in previous updates
CVE-2020-11223

Not applicable to Samsung devices
CVE-2020-11299, CVE-2021-0446


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 21 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR April-2021 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-19881 (CVE-2021-25358): Improper store path for IMSI value

Severity: Moderate
Affected versions: P(9.0), Q(10.0)
Reported on: December 9, 2020
Disclosure status: Privately disclosed.
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.
The patch modifies the store path for IMSI values to proper path to prevent unauthorized access.


SVE-2021-20333 (CVE-2021-25362): Improper permission management in CertInstaller

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0)
Reported on: January 16, 2021
Disclosure status: Privately disclosed.
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.
The patch deletes mis-used permission in CertInstaller to prevent untrusted access to local files.


SVE-2021-19820 (CVE-2021-25359): AP information leakage vulnerability

Severity: Low
Affected versions: Q(10.0), R(11.0)
Reported on: December 3, 2020
Disclosure status: Privately disclosed.
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
The patch removes the improper SELinux policy item.


SVE-2021-20274 (CVE-2021-25360): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: Q(10.0)
Reported on: January 11, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-19180 (CVE-2021-25361): Arbitrary file read/write vulnerability via unprotected StickerCenter content provider

Severity: High
Affected versions: P(9.0), Q(10.0)
Reported on: October 8, 2020
Disclosure status: Privately disclosed.
An improper access control vulnerability in StickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.
The patch adds the proper caller check to prevent improper access to StickerCenter.


SVE-2021-19620 (CVE-2021-25357): PendingIntent hijacking vulnerability in Create Movie

Severity: Moderate
Affected versions: O(8.1), P(9.0)
Reported on: November 10, 2020
Disclosure status: Privately disclosed.
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
The patch changes implicit intent to explicit intent in PendingIntent of Create Movie to prevent unprivileged access to contact.


SVE-2021-20190 (CVE-2021-25363): Process information exposure vulnerability in ActivityManagerService

Severity: Moderate
Affected versions: Selected O(8.1), P(9.0), Q(10.0), R(11.0) devices
Reported on: January 5, 2021
Disclosure status: Privately disclosed.
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processes delete some local files.
The patch deletes mis-used permission in CertInstaller not to allow untrusted access to local files.


SVE-2021-19667 (CVE-2021-25364): PendingIntent hijacking vulnerability in Secure Folder

Severity: Moderate
Affected versions: R(11.0)
Reported on: November 16, 2020
Disclosure status: Privately disclosed.
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
The patch changes implicit intent to explicit intent in Secure Folder to prevent unprivileged access to contact.


SVE-2021-20733 (CVE-2021-25356): 3rd party authentication bypass in Managed Provisioning

Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: February 15, 2021
Disclosure status: Privately disclosed.
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.
The patch prevents creating knox container without privilege to mitigate the vulnerability.


SVE-2021-20454 (CVE-2021-25365): Arbitrary memory address unmap vulnerability in softsimd

Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: January 26, 2021
Disclosure status: Privately disclosed.
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.
The patch adds proper exception check logic code in softsimd to prevent unprivileged access.


SVE-2021-20775 (CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2020-11264, CVE-2020-11301): Wi-Fi Fragment & Forge vulnerabilities

Severity: High to Critical
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: January 26, 2021
Disclosure status: Privately disclosed.
Multiple vulnerabilities in the Wi-Fi standards related to fragmentation and aggregation implemented by Wi-Fi chipset providers allow proximate attacker to inject arbitrary packets, forge encrypted frames and exfiltrate data in protected Wi-Fi network.
Respective patches are provided by the Wi-Fi chipset providers to address the vulnerabilities.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Zhang Qing , Bytedance and Bai Guang dong, The University of Queensland: SVE-2021-19881, SVE-2021-19820
Anonymous: SVE-2021-19180
Le Wu of Baidu Security: SVE-2021-20274
Sergey Toshin of Oversecured Inc: SVE-2021-20733
hard_______: SVE-2021-19620, SVE-2021-19667
heeeeen of ZIWU Security Lab: SVE-2021-20333
Zhang Qing from Bytedance WuHeng team: SVE-2021-20190
Zhongquan Li @ CytQ: SVE-2021-20454
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – March 2021 package. The Bulletin (March 2021) contains the following CVE items:

Critical
CVE-2020-11170, CVE-2020-11163, CVE-2020-11272, CVE-2021-0397

High
CVE-2020-11271, CVE-2020-11282, CVE-2017-18509, CVE-2020-11286, CVE-2020-11177, CVE-2020-11187, CVE-2020-11253, CVE-2020-11281, CVE-2020-11296, CVE-2020-11269, CVE-2020-11275, CVE-2020-11280, CVE-2020-11287, CVE-2020-11276, CVE-2020-11270, CVE-2020-11297, CVE-2020-11278, CVE-2021-0395, CVE-2021-0391, CVE-2021-0398, CVE-2017-14491, CVE-2021-0393, CVE-2021-0396, CVE-2021-0390, CVE-2021-0392, CVE-2021-0394

Moderate
None

Already included in previous updates
CVE-2020-11180, CVE-2020-11277

Not applicable to Samsung devices
CVE-2020-11283


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 19 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR March-2021 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-19153 (CVE-2021-25335): Hidden notification contents leak over the lockscreen

Severity: Low
Affected versions: Q(10.0) devices with ONEUI 2.5
Reported on: October 6, 2020
Disclosure status: Privately disclosed.
An improper lockscreen status check in cocktailbar service prior to SMR MAR-2021 Release 1 allows unauthenticated users to see hidden notification contents over the lockscreen in specific conditions.
The patch adds the proper lockscreen status check to prevent hidden notification contents leak.


SVE-2021-19527 (CVE-2021-25337): Arbitrary file read/write vulnerability via unprotected clipboard content provider

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0) devices except ONEUI 3.1 in R(11.0)
Reported on: November 3, 2020
Disclosure status: Privately disclosed.
An improper access control in clipboard service prior to SMR MAR-2021 Release 1 allows untrusted applications to read or write arbitrary files in the device.
The patch adds the proper caller check to prevent improper access to clipboard service.


SVE-2021-19553 (CVE-2021-25336): Improper access control in NotificationManagerService

Severity: High
Affected versions: P(9.0), Q(10.0)
Reported on: November 6, 2020
Disclosure status: Privately disclosed.
An improper access control in NotificationManagerService prior to SMR MAR-2021 Release 1 allows untrusted applications to acquire notification access.
The patch adds higher permission not to allow untrusted access to notification contents.


SVE-2021-19731 (CVE-2021-25339): EL2 memory can be corrupted with HArx HVC call

Severity: High
Affected versions: Q(10.0), R(11.0) devices with Exynos 9830 chipset
Reported on: November 24, 2020
Disclosure status: Privately disclosed.
An improper address validation in HArx prior to SMR MAR-2021 Release 1 allows EL2 memory corruption using compromised kernel.
The patch adds the proper address validation in HArx to prevent EL2 memory corruption.


SVE-2021-19759 (CVE-2021-25338): RKP region list is writable by EL1

Severity: High
Affected versions: Q(10.0), R(11.0) devices with Exynos 9830 chipset
Reported on: November 25, 2020
Disclosure status: Privately disclosed.
An improper memory access control in RKP prior to SMR MAR-2021 Release 1 allows attackers to write some part of RKP EL2 memory region using compromised kernel.
The patch adds the proper memory access control in RKP to make EL2 memory region inaccessible.


SVE-2021-19945 (CVE-2021-25344): Serial number leak

Severity: High
Affected versions: Q(10.0), R(11.0)
Reported on: December 15, 2020
Disclosure status: Privately disclosed.
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to get device’s serial number without permission.
The patch adds proper permission check on the API to get serial number.


SVE-2021-20009 (CVE-2021-25345): Kernel panic by graphic format mismatch

Severity: Low
Affected versions: Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: December 21, 2020
Disclosure status: Privately disclosed.
Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.
The patch addressed the issue.


SVE-2021-19897 (CVE-2021-25369): Potential kernel information exposure from sec_log

Severity: Moderate
Affected versions: O(8.x), P(9.0), Q(10.0)
Reported on: December 10, 2020
Disclosure status: Privately disclosed.
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
The patch removes vulnerable file.


SVE-2021-19925 (CVE-2021-25370): Memory corruption in dpu driver

Severity: Moderate
Affected versions: O(8.x), P(9.0), Q(10.0), R(11.0) devices with selected Exynos chipsets
Reported on: December 12, 2020
Disclosure status: Privately disclosed.
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
The patch fixes incorrect implementation in dpu driver to address memory corruption.


SVE-2021-20029 (CVE-2021-25371): Possible to load arbitrary ELF library inside DSP

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830
Reported on: December 22, 2020
Disclosure status: Privately disclosed.
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
The patch deletes the improper commands in DSP driver.


SVE-2021-20030 (CVE-2021-25372): Out of bounds access vulnerability in DSP driver

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830
Reported on: December 22, 2020
Disclosure status: Privately disclosed.
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
The patch adds proper boundary check code to prevent out of bounds access.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

GSerg: SVE-2021-19153
Shaechi Security Lab: SVE-2021-19527
Aleksandr Tarasikov: SVE-2021-19731, SVE-2021-19759
Xia Guangshuai & Zhang Qing of ByteDance, Bai Guangdong of The University of Queensland: SVE-2021-19945
Ben Toson: SVE-2021-20009
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – February 2021 package. The Bulletin (February 2021) contains the following CVE items:

Critical
CVE-2021-0325(O8.1, P9), CVE-2021-0326, CVE-2020-11182, CVE-2020-11134

High
CVE-2021-0325(Q10, R11), CVE-2020-10732, CVE-2020-11126, CVE-2020-11159, CVE-2020-11233, CVE-2020-11235, CVE-2020-11238, CVE-2020-11239, CVE-2020-11240, CVE-2020-11241, CVE-2020-11250, CVE-2020-11261, CVE-2020-11262, CVE-2021-0301, CVE-2021-0302, CVE-2021-0305, CVE-2021-0314, CVE-2021-0327, CVE-2021-0328, CVE-2021-0329, CVE-2021-0330, CVE-2021-0331, CVE-2021-0332, CVE-2021-0333, CVE-2021-0334, CVE-2021-0335, CVE-2021-0336, CVE-2021-0337, CVE-2021-0338, CVE-2021-0339, CVE-2021-0340, CVE-2021-0341

Moderate
None

Already included in previous updates
CVE-2020-11181, CVE-2020-11260

Not applicable to Samsung devices
CVE-2020-10767, CVE-2020-10766


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 11 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR February-2021 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-18243 (CVE-2021-25340): Arbitrary Settings change using Samsung keyboard

Severity: Moderate
Affected Versions: Q(10.0)
Reported on: July 06, 2020
Disclosure status: Privately disclosed.
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows arbitrary change in Settings during Initialization State.
The patch adds proper access control for additional functions of Samsung keyboard.


SVE-2021-19221 (CVE-2021-25334): Local permanent DoS vulnerability in wallpaper service

Severity: High
Affected versions: P(9.0), Q(10.0) , R(11.0)
Reported on: October 12, 2020
Disclosure status: Privately disclosed.
An improper input check in wallpaper service prior to SMR Feb-2021 Release 1 results in permanent denial of service from using the device.
The patch adds the proper input validation to prevent local permanent denial of service.


SVE-2021-19482: Address leakage vulnerability in libhwui library

Severity: Low
Affected versions: Q(10.0) , R(11.0)
Reported on: October 31, 2020
Disclosure status: Privately disclosed.
Unnecessary logs in libhwui library version prior to SMR Feb-2021 Release 1 allows leakage of object address.
The patch fixes incorrect implementation of address logging.


SVE-2021-19507 (CVE-2021-25330): Possible access to non-existent provider

Severity: Moderate
Affected versions: Select Q(10.0) devices
Reported on: November 3, 2020
Disclosure status: Privately disclosed.
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.
The patch blocks access to MobileWips content provider in case MobileWips is not supported.


SVE-2021-19528 (CVE-2021-25347): Hijacking vulnerability in Samsung Email

Severity: Low
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: November 03, 2020
Disclosure status: Privately disclosed.
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.
The patch adds the proper signature check for Samsung Email.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

조승현: SVE-2021-18243
Yunxuan Qu and Zhenjiang Zhao @ Panguite Forensics Lab of Qianxin: SVE-2021-19482
Zhongquan Li @ Xiaomi AIoT Security Lab: SVE-2021-19221, SVE-2021-19507, SVE-2021-19528
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – January 2021 package. The Bulletin (January 2021) contains the following CVE items:

Critical
CVE-2020-0457

High
CVE-2020-0466, CVE-2020-0465, CVE-2020-0444, CVE-2020-0455, CVE-2020-0456, CVE-2020-11138, CVE-2020-11139, CVE-2020-3685, CVE-2020-11143, CVE-2020-11136, CVE-2020-11137, CVE-2020-3691, CVE-2020-3686, CVE-2020-11140, CVE-2020-11179, CVE-2020-11146, CVE-2020-11145, CVE-2020-11144, CVE-2020-11200, CVE-2020-11214, CVE-2020-11215, CVE-2020-11212, CVE-2020-11213, CVE-2020-11119, CVE-2020-11225, CVE-2021-0313, CVE-2021-0303, CVE-2021-0306, CVE-2021-0307, CVE-2021-0310, CVE-2021-0315, CVE-2021-0317, CVE-2021-0318, CVE-2021-0319, CVE-2021-0304, CVE-2021-0309, CVE-2021-0321, CVE-2021-0322, CVE-2019-9376, CVE-2020-15999, CVE-2016-6328, CVE-2021-0311, CVE-2021-0312, CVE-2021-0316, CVE-2020-0471, CVE-2021-0308, CVE-2021-0320

Moderate
None

Already included in previous updates
CVE-2020-11167, CVE-2020-11185

Not applicable to Samsung devices
CVE-2020-11217, CVE-2020-11197, CVE-2020-0016, CVE-2020-0019, CVE-2020-11216


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 9 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR January-2021 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2020-18731: Buffer overflow in bluetooth UART driver

Severity: Moderate
Affected versions: Selected O(8.x), P(9.0), Q(10.0) devices using Broadcom bluetooth chipsets
Reported on: August 19, 2020
Disclosure status: Privately disclosed.
A possible buffer overflow exists in selected broadcom bluetooth UART driver.
The patch adds proper validation of the buffer length.


SVE-2020-18811 (CVE-2021-25346): Memory corruption in quram library with decoding dng

Severity: High
Affected versions: O(8.x), P(9.0), Q(10.0) devices
Reported on: September 6, 2020
Disclosure status: Privately disclosed.
A possible arbitrary memory overwrite vulnerabilities in quram library allow arbitrary code execution.
The patches add the proper validation of the buffer length.


SVE-2020-19174: Out of bounds access vulnerability in mali GPU driver

Severity: Moderate
Affected versions: O(8.x), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: October 7, 2020
Disclosure status: Privately disclosed.
An improper boundary check in mali GPU driver allows out of bounds memory access resulting in device reset.
The patch adds proper boundary check code to prevent out of bounds access.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Jiska Classen: SVE-2020-18731
Anonymous: SVE-2020-18811
9462ACEE94608EA1643688D026AA95DD: SVE-2020-19174