close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Updates>Firmware Updates

Security Updates

2022Open selected window by year

Close selected window by year
January February March April May June

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can be rest assured the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.

Acknowledgements

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – June 2022 package. The Bulletin (June 2022) contains the following CVE items:

Critical
CVE-2021-35090,CVE-2022-20130,CVE-2022-20127,CVE-2022-20140,CVE-2022-20145

High
CVE-2022-20009,CVE-2022-20008,CVE-2022-0847,CVE-2022-20110,CVE-2022-20109,CVE-2021-35080,CVE-2021-35094,CVE-2021-35072,CVE-2021-35087,CVE-2021-35076,CVE-2021-35073,CVE-2021-35086,CVE-2021-35096,CVE-2021-35078,CVE-2021-35116,CVE-2022-22057,CVE-2022-22068,CVE-2022-22065,CVE-2022-22064,CVE-2021-39691,CVE-2022-20125,CVE-2022-20138,CVE-2021-39624,CVE-2022-20124,CVE-2022-20126,CVE-2022-20133,CVE-2022-20134,CVE-2022-20135,CVE-2022-20137,CVE-2022-20142,CVE-2022-20144,CVE-2022-20147,CVE-2022-20123,CVE-2022-20131,CVE-2022-20129,CVE-2022-20143,CVE-2021-39690,CVE-2021-0506,CVE-2021-39671

Moderate
CVE-2021-22600

Already included in previous updates
CVE-2022-20006

Not applicable to Samsung devices
CVE-2022-20084,CVE-2022-22072


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 25 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Mar-2022 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-23082(CVE-2022-28794): Sensitive information exposure in low battery dumpstate log

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: August 28, 2021
Disclosure status: Privately disclosed.
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.
The patch removes SIM card information in low-battery dumpstate log. 


SVE-2021-24033(CVE-2022-30709): Improper input validation check logic in SECRIL.

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: November 26, 2021
Disclosure status: Privately disclosed.
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
The patch removes the insecure API code in SECRIL.


SVE-2022-0092(CVE-2022-30710, CVE-2022-30711, CVE-2022-30712, CVE-2022-30713): Improper validation in RemoteViews, FeedsInfo, KfaOptions and LSOItemData

Severity: High
Affected versions: Q(10), R(11), S(12)
Reported on: January 8, 2022
Disclosure status: Privately disclosed.
Improper validation vulnerability in RemoteViews, FeedsInfo, KfaOptions and LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
The patch adds proper validation logic to prevent privilege escalation.


SVE-2022-0100(CVE-2022-30714): Information exposure vulnerability in SemIWCMonitor

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: January 8, 2022
Disclosure status: Privately disclosed.
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
The patch removes MAC address information in SemIWCMonitor.


SVE-2022-0138(CVE-2022-30715): Improper access control vulnerability in DofViewer.

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: January 14, 2022
Disclosure status: Privately disclosed.
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.
The patch adds proper permission check in DofViewer to prevent unauthorized applications control.


SVE-2022-0254(CVE-2022-30716): Unprotected broadcast in DisplayToast 

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: January 30, 2022
Disclosure status: Privately disclosed.
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
The patch adds proper restriction in receiver for the broadcast message.


SVE-2022-0258(CVE-2022-30717): Improper caller check in AR Emoji

Severity: High
Affected versions: Q(10), R(11)
Reported on: January 31, 2022
Disclosure status: Privately disclosed.
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.
The patch removes insecure operations using deeplink.


SVE-2022-0392(CVE-2022-30719): Improper input validation check logic in libsmkvextractor

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: February 18,2022
Disclosure status: Privately disclosed.
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
The patch adds proper validation of the buffer length.


SVE-2022-0393(CVE-2022-30720): Improper input validation check logic in libsmkvextractor

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: February 18,2022
Disclosure status: Privately disclosed.
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
The patch adds proper validation of the buffer length.


SVE-2022-0412(CVE-2022-30721): Improper input validation check logic in libsmkvextractor

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: February 20,2022
Disclosure status: Privately disclosed.
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
The patch adds proper validation of the buffer length.


SVE-2022-0507(CVE-2022-30722): Bypass of Samsung Account confirmation via hijacking implicit intent

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: March 6, 2022
Disclosure status: Privately disclosed.
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.
The patch changes implicit Intent to explicit Intent to prevent hijacking from unprivileged applications.


SVE-2022-0526, SVE-2022-0534, and SVE-2022-0535(CVE-2022-30723, CVE-2022-30724, CVE-2022-30725): Leak of MAC address of connected Bluetooth device

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: March 8, 2022
Disclosure status: Privately disclosed.
Broadcasting Intent including the Bluetooth Device object without proper restriction of receivers in Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
The patch adds proper permission to prevent Bluetooth information leak.


SVE-2022-0691(CVE-2022-30726): Unprotected component vulnerability in SecSettingsIntelligence

Severity: Moderate
Affected versions: S(12)
Reported on: March 21, 2022
Disclosure status: Privately disclosed.
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.
The patch adds proper permission for using the component.


SVE-2022-0793(CVE-2022-30727): Improper handling of insufficient permissions in PersonaManagerService

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: March 29, 2022
Disclosure status: Privately disclosed.
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
The patch adds proper permission for using the API.


SVE-2022-1203(CVE-2022-30728): Information exposure vulnerability in ScanPool

Severity: Moderate
Affected versions: R(11), S(12)
Reported on: January 8, 2022
Disclosure status: Privately disclosed.
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
The patch removes MAC address information in ScanPool. 


SVE-2022-0504(CVE-2022-30729): Hijacking of Wi-Fi SSID and password in Settings

Severity: Moderate
Affected versions: S(12)
Reported on: March 3, 2022
Disclosure status: Privately disclosed.
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
The patch changes implicit Intent to explicit Intent to prevent hijacking from unprivileged applications.


Some SVE items included in the Samsung Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Andr.Ess: SVE-2021-23082, SVE-2022-0100, SVE-2022-1203
Zhang Lei: SVE-2021-24033
Michał Bednarski: SVE-2022-0092
Jenny ZJN: SVE-2022-0254
Rahul D Kankrale: SVE-2022-0258
Kiwan Ko : SVE-2022-0392, SVE-2022-0393, SVE-2022-0412
Hao Zhou and Xiapu Luo from PolyU, Haoyu Wang from HUST, Yajin Zhou from ZJU: SVE-2022-0504, SVE-2022-0507, SVE-2022-0526, SVE-2022-0534, and SVE-2022-0535
Dawn Security Lab, JD.com : SVE-2022-0138, SVE-2022-0691
Sergey Toshin of Oversecured Inc: SVE-2022-0793
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – May 2022 package. The Bulletin (May 2022) contains the following CVE items:

Critical
CVE-2021-30339,CVE-2021-30341,CVE-2021-30347,CVE-2021-30342,CVE-2021-30343,CVE-2021-35112,CVE-2021-35081

High
CVE-2021-0707,CVE-2021-39800,CVE-2021-39801,CVE-2021-39802,CVE-2021-30350,CVE-2021-30344,CVE-2021-30340,CVE-2021-30334,CVE-2021-35130,CVE-2021-39807,CVE-2021-39662,CVE-2022-20004,CVE-2022-20005,CVE-2022-20006,CVE-2022-20007,CVE-2022-20113,CVE-2022-20114,CVE-2022-20116,CVE-2022-20010,CVE-2022-20011,CVE-2022-20115,CVE-2021-39670,CVE-2022-20112

Moderate
CVE-2021-1020,CVE-2021-1021,CVE-2021-39700

Already included in previous updates
CVE-2022-20081,CVE-2021-25477,CVE-2021-30349,CVE-2021-30281,CVE-2021-30338,CVE-2021-35091,CVE-2021-35095

Not applicable to Samsung devices
CVE-2021-35104,CVE-2021-30345,CVE-2021-30346,CVE-2021-35070,CVE-2021-35100,CVE-2021-35123


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 18 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Mar-2022 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-24015(CVE-2022-28780): Improper access control vulnerability in Weather

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: November 24, 2021
Disclosure status: Privately disclosed.
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission.
The patch adds proper protection to prevent access to location information.


SVE-2022-0285(CVE-2022-28781): Launch arbitrary activity with system privilege

Severity: High
Affected versions: R(11), S(12)
Reported on: February 4, 2022
Disclosure status: Privately disclosed.
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege.
The patch adds proper validation logic to check the caller.


SVE-2022-0324(CVE-2022-28782): Vulnerability with access to Contents To Window

Severity: Moderate
Affected versions: Select R(11), S(12) devices
Reported on: February 9, 2022
Disclosure status: Privately disclosed.
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard.
The patch blocks entry point of the vulnerability.


SVE-2022-0349(CVE-2022-28783): Ability to uninstall arbitrary apps

Severity: High
Affected versions: Q(10), R(11), S(12)
Reported on: February 13, 2022
Disclosure status: Privately disclosed.
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission.
The patch adds proper validation logic for removing package name.


SVE-2022-0350(CVE-2022-28784): Directory listing as system user

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: February 13, 2022
Disclosure status: Privately disclosed.
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user.
The patch addresses incorrect implementation of file path validation check logic.


SVE-2022-0390(CVE-2022-28785): Out-of-bounds read vulnerability in aviextractor library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: February 18, 2022
Disclosure status: Privately disclosed.
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service.
The patch adds buffer size check logic.


SVE-2022-0391(CVE-2022-28786): Out-of-bounds read vulnerability in aviextractor library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: February 18, 2022
Disclosure status: Privately disclosed.
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service.
The patch adds buffer size check logic.


SVE-2022-0404(CVE-2022-28787): Out-of-bounds read vulnerability in wmfextractor library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: February 20, 2022
Disclosure status: Privately disclosed.
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service.
The patch adds buffer size check logic.


SVE-2022-0427(CVE-2022-28788): Out-of-bounds read vulnerability in aviextractor library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: February 21, 2022
Disclosure status: Privately disclosed.
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service.
The patch adds buffer size check logic.


Some SVE items included in the Samsung Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Jenny Zhang: SVE-2021-24015
Sergey Toshin of Oversecured Inc: SVE-2022-0285, SVE-2022-0349, SVE-2022-0350
SeungHyun Cho (@netkingj): SVE-2022-0324
Kiwan Ko: SVE-2022-0390, SVE-2022-0391, SVE-2022-0404, SVE-2022-0427
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – April 2022 package. The Bulletin (April 2022) contains the following CVE items:

Critical
None

High
CVE-2020-29368,CVE-2021-39685,CVE-2021-39686,CVE-2021-39698,CVE-2021-3655,CVE-2021-35088,CVE-2021-35103,CVE-2021-35105,CVE-2021-35117,CVE-2021-30328,CVE-2021-30329,CVE-2021-30332,CVE-2021-30333,CVE-2021-39694,CVE-2021-0694,CVE-2021-39794,CVE-2021-39795,CVE-2021-39796,CVE-2021-39797,CVE-2021-39798,CVE-2021-39799,CVE-2021-39803,CVE-2021-39804,CVE-2021-39808,CVE-2021-39805,CVE-2021-39809,CVE-2022-0847

Moderate
CVE-2021-1027,CVE-2021-1028,CVE-2021-1029,CVE-2021-1001,CVE-2021-1002,CVE-2021-1018,CVE-2021-0973,CVE-2021-0769,CVE-2021-0992,CVE-2021-0987,CVE-2021-1005,CVE-2021-1014,CVE-2021-1015,CVE-2021-1007,CVE-2021-1023,CVE-2021-1026,CVE-2021-1034,CVE-2021-1022

Already included in previous updates
CVE-2021-1942,CVE-2021-35110,CVE-2021-1950,CVE-2021-1009,CVE-2021-1032,CVE-2021-1011

Not applicable to Samsung devices
CVE-2022-20047,CVE-2022-20048,CVE-2022-20053,CVE-2021-35106


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 33 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Mar-2022 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-22904(CVE-2022-25831): Improper access control in S Secure

Severity: Low
Affected versions: Select Q(10), R(11), S(12) devices
Reported on: August 9, 2021
Disclosure status: Privately disclosed.
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.
The patch removes improper check logic.


SVE-2021-23217(CVE-2022-25832): Improper authentication vulnerability in S Secure

Severity: Moderate
Affected versions: Select R(11), S(12) devices
Reported on: September 11, 2021
Disclosure status: Privately disclosed.
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.
The patch adds proper validation logic to prevent to use locked Myfiles app without authentication.


SVE-2021-23296(CVE-2022-25833): Improper authentication in ImsService

Severity: Moderate
Affected versions: Q(10), R(11)
Reported on: September 19, 2021
Disclosure status: Privately disclosed.
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.
The patch fixes improper permission check logic.


SVE-2021-23602(CVE-2022-26090): Improper access control in Samsung Contacts

Severity: Moderate
Affected versions: Q(10), R(11)
Reported on: October 16, 2021
Disclosure status: Privately disclosed.
Improper access control vulnerability in Samsung Contacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.
The patch adds proper intent flag to prevent access to contact information.


SVE-2021-23949(CVE-2022-26091): Improper access control in Knox Manage

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: November 17, 2021
Disclosure status: Privately disclosed.
Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.
The patch prevents use of a certain function key on Knox Manage login page.


SVE-2021-23951(CVE-2022-26092): Improper boundary check in Quram Agif library 

Severity: High
Affected versions: Q(10), R(11), S(12)
Reported on: November 17, 2021
Disclosure status: Privately disclosed.
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.
The patch adds proper validation logic to prevent arbitrary memory write.


SVE-2021-24106(CVE-2022-26093, CVE-2022-26094, CVE-2022-26095, CVE-2022-26096, CVE-2022-26097): Null pointer dereference in libsimba library

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: December 1, 2021
Disclosure status: Privately disclosed.
Null pointer dereference vulnerability in some parser functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.
The patch adds the proper validation of input data.


SVE-2021-24107(CVE-2022-26098): Heap-based buffer overflow vulnerability in sheifd_create function in libsimba library 

Severity: Critical
Affected versions: Q(10), R(11), S(12)
Reported on: December 1, 2021
Disclosure status: Privately disclosed.
Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
The patch adds the proper validation of input data.


SVE-2021-24108(CVE-2022-26099): Null pointer dereference vulnerability in parser_infe function in libsimba library

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: December 1, 2021
Disclosure status: Privately disclosed.
Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.
The patch adds the proper validation of input data.


SVE-2021-24109(CVE-2022-27567): Null pointer dereference vulnerability in parser_hvcC function in libsimba library

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: December 1, 2021
Disclosure status: Privately disclosed.
Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.
The patch adds the proper validation of input data.


SVE-2021-24110(CVE-2022-27568, CVE-2022-27569, CVE-2022-27570, CVE-2022-27571): Heap-based buffer overflow vulnerability in some parser functions and sheifd_get_info_image fuction in libsimba library

Severity: Critical
Affected versions: Q(10), R(11), S(12)
Reported on: December 1, 2021
Disclosure status: Privately disclosed.
Heap-based buffer overflow vulnerability in some parser functions and sheifd_get_info_image fuction of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
The patch adds the proper validation of input data.


SVE-2021-24224(CVE-2022-27572): Heap-based buffer overflow vulnerability in parser_ipma function in libsimba

Severity: Critical
Affected versions: Q(10), R(11), S(12)
Reported on: December 10, 2021
Disclosure status: Privately disclosed.
Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
The patch adds the proper validation of input data.


SVE-2021-24225(CVE-2022-27573): Improper input validation vulnerability parser_infe and sheifd_find_itemIndexin fuction libsimba library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: December 10, 2021
Disclosure status: Privately disclosed.
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.
The patch adds the proper validation of input data.


SVE-2021-24226(CVE-2022-27574): Improper input validation vulnerability parser_iloc and sheifd_find_itemIndexin fuction libsimba library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: December 10, 2021
Disclosure status: Privately disclosed.
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.
The patch adds the proper validation of input data.


SVE-2021-24352(CVE-2022-27575, CVE-2022-27575): Information exposure vulnerability in One UI Home, Samsung DeX Home

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: December 21, 2021
Disclosure status: Privately disclosed.
Information exposure vulnerability in One UI Home and Samsung DeX Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission.
The patch adds proper protection to prevent access to foreground app information.


SVE-2021-24382(CVE-2022-27821): Improper boundary check in Quram Agif library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: December 24, 2021
Disclosure status: Privately disclosed.
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.
The patch adds proper validation logic to prevent out-of-bounds read.


SVE-2021-24421(CVE-2022-27822): Information exposure vulnerability in ril property setting

Severity: High
Affected versions: Q(10), R(11), S(12)
Reported on: December 31, 2021
Disclosure status: Privately disclosed.
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.
The patch removes the property.


SVE-2022-0006(CVE-2022-27823): Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: January 22, 2022
Disclosure status: Privately disclosed.
Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.
The patch adds the proper validation of the buffer length.


SVE-2022-0007(CVE-2022-27824): Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: January 22, 2022
Disclosure status: Privately disclosed.
Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file
The patch adds the proper validation of the buffer length.th


SVE-2022-0008(CVE-2022-27825): Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: January 22, 2022
Disclosure status: Privately disclosed.
Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.
The patch adds the proper validation of the buffer length.


SVE-2022-0011(CVE-2022-27826, CVE-2022-27827, CVE-2022-27828, CVE-2022-27829, CVE-2022-27830): Improper validation vulnerability in SemSuspendDialogInfo, MediaMonitorDimension, MediaMonitorEvent, VerifyCredentialResponse, and SemBlurInfo

Severity: High
Affected versions: Q(10), R(11), S(12)
Reported on: January 2, 2022
Disclosure status: Privately disclosed.
Improper validation vulnerability in SemSuspendDialogInfo, MediaMonitorDimension, MediaMonitorEvent, VerifyCredentialResponse, and SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.
The patch adds proper validation logic to prevent privilege escalation.


SVE-2022-0021(CVE-2022-27831): Out-of-bounds read vulnerability in sflvd_rdbuf_bits of libsflvextractor

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: January 4, 2022
Disclosure status: Privately disclosed.
An improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory.
The patch adds proper boundary check to prevent out of bounds read.


SVE-2022-0022(CVE-2022-27832): Improper boundary check in media.extractor library

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: January 4, 2022
Disclosure status: Privately disclosed.
Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.
The patch adds proper boundary check logic to prevent out of bounds read.


SVE-2022-0085(CVE-2022-27833): Improper input validation in DSP driver

Severity: Moderate
Affected versions: Q(10), R(11), S(12) devices with Exynos 2100, 9830, 980 chipsets
Reported on: January 7, 2022
Disclosure status: Privately disclosed.
Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.
The patch adds proper validation logic to prevent integer overflow.


SVE-2022-0107(CVE-2022-27834): Use after free vulnerability in dsp_context_unload_graph function of DSP driver

Severity: Moderate
Affected versions: Q(10), R(11), S(12) devices with Exynos 2100, 9830, 980 chipsets
Reported on: January 10, 2022
Disclosure status: Privately disclosed.
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.
The patch adds proper mutual exclusion check logic to prevent use after free.


SVE-2022-0136(CVE-2022-27835): Improper boundary check in UWB firmware

Severity: High
Affected versions: S(12)
Reported on: January 13, 2022
Disclosure status: Privately disclosed.
Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.
The patch adds proper boundary check logic to prevent arbitrary memory write.


SVE-2022-0137(CVE-2022-27836): Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service

Severity: High
Affected versions: S(12)
Reported on: January 13, 2022
Disclosure status: Privately disclosed.
Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission.
The patch adds proper validation logic to prevent arbitrary files access.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

KRISHAN KUMAR : SVE-2021-22904
Harsh Tyagi : SVE-2021-23217
Xia Guangshuai: SVE-2021-23296, SVE-2022-0137
h0rd7: SVE-2021-23602
Elias Schröder: SVE-2021-23949
mart1n and zraxx , both from school of cyber science and technology from Zhejiang University : SVE-2021-23951, SVE-2021-24382
Dawuge of Pangu Team: SVE-2021-24106, SVE-2021-24107, SVE-2021-24108, SVE-2021-24109, SVE-2021-24110, SVE-2021-24224, SVE-2021-24225, SVE-2021-24226
Hao Zhou, Xiapu Luo from PolyU, Haoyu Wang from BUPT, and Yajin Zhou from ZJU: SVE-2021-24352
Qing Zhang: SVE-2021-24421
Kiwan Ko of STEALIEN: SVE-2022-0006, SVE-2022-0007, SVE-2022-0008, SVE-2022-0021, SVE-2022-0022
Michał Bednarski: SVE-2022-0011
Seonung Jang(@IFdLRx4At1WFm74) of DataFlow Security(@dfsec_com): SVE-2022-0085, SVE-2022-0107
Martin Heyden: SVE-2022-0136
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – March 2022 package. The Bulletin (March 2022) contains the following CVE items:

Critical
CVE-2021-30317, CVE-2021-39708

High
CVE-2021-35068,CVE-2021-35077,CVE-2021-35074,CVE-2021-35075,CVE-2021-30323,CVE-2021-30309,CVE-2021-30326,CVE-2021-30322,CVE-2021-30318,CVE-2021-35069,CVE-2021-39692,CVE-2021-39693,CVE-2021-39695,CVE-2021-39697,CVE-2021-39624,CVE-2021-39690,CVE-2021-39667,CVE-2021-0957,CVE-2021-39701,CVE-2021-39702,CVE-2021-39703,CVE-2021-39704,CVE-2021-39706,CVE-2021-39707,CVE-2021-39709,CVE-2021-32484,CVE-2021-32485,CVE-2021-32486,CVE-2021-32487

Moderate
CVE-2021-1024,CVE-2021-0978,CVE-2021-0983,CVE-2021-0988,CVE-2021-1013,CVE-2021-1030,CVE-2021-1031,CVE-2021-1003,CVE-2021-0998,CVE-2021-1016,CVE-2021-0989,CVE-2021-0990,CVE-2021-0991,CVE-2021-0994,CVE-2021-0996,CVE-2021-1012,CVE-2021-1025,CVE-2021-1008,CVE-2021-39689

Already included in previous updates
: None

Not applicable to Samsung devices
: CVE-2022-20025,CVE-2022-20027,CVE-2022-20028,CVE-2022-20026,CVE-2021-39672,CVE-2021-39635,CVE-2021-39658,CVE-2021-39616,CVE-2022-20024,CVE-2021-39631,CVE-2021-39699,CVE-2021-39705


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 17 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Mar-2022 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-22380(CVE-2022-24928): Security misconfiguration of RKP in some devices

Severity: High
Affected versions: Selected R(11) devices
Reported on: June 30, 2021
Disclosure status: Privately disclosed.
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP.
The patch enables the flag for RKP protection.


SVE-2021-23162(CVE-2022-24929): Change the list of locked app without authentication in AppLock.

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: September 6, 2021
Disclosure status: Privately disclosed.
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.
The patch protects the activity by setting exported to false.


SVE-2021-23570(CVE-2022-24930): Improper access control vulnerability in StRetailModeReceiver

Severity: Moderate
Affected versions: Wear OS 3.0
Reported on: October 12, 2021
Disclosure status: Privately disclosed.
Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to SMR MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission
The patch adds proper protection to prevent unintended access by unauthorized applications


SVE-2021-23580(CVE-2022-24931): Improper access control vulnerability in ApkInstaller

Severity: High
Affected versions: Q(10), R(11)
Reported on: October 13, 2021
Disclosure status: Privately disclosed.
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission
The patch removes logic to execute activity in unauthorized app.


SVE-2021-23591(CVE-2022-24932): Improper Protection of Alternate Path vulnerability in Setup wizard process

Severity: Moderate
Affected versions: Q(10), R(11), S(12) and Samsung Cloud prior to 5.1.0.8
Reported on: October 14, 2021
Disclosure status: Privately disclosed.
Improper protection of alternate path in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker install package before completion of Setup wizard.
The patch address to block entry point of the vulnerability.


SVE-2021-23609(CVE-2022-25814): PendingIntent hijacking vulnerability in Wearable Manager Installer

Severity: High
Affected versions: R(11), S(12)
Reported on: October 17, 2021
Disclosure status: Privately disclosed.
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
The patch addresses the Intent in Wearable Manager Installer to prevent unprivileged access.


SVE-2021-23642(CVE-2022-25815): PendingIntent hijacking vulnerability in Weather application

Severity: Moderate
Affected versions: Q(10), R(11)
Reported on: October 20, 2021
Disclosure status: Privately disclosed.
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
The patch addresses the Intent in Weather application to prevent unprivileged access.


SVE-2021-23866(CVE-2022-25816): Improper authentication in Samsung Lock and mask apps setting

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: November 7, 2021
Disclosure status: Privately disclosed.
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable configuration without authentication.
The patch adds proper protection to prevent change of enable/disable feature without authentication


SVE-2021-24036(CVE-2022-25817): Improper authentication in One UI Home

Severity: Moderate
Affected versions: Q(10), R(11)
Reported on: November 26, 2021
Disclosure status: Privately disclosed.
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.
The patch protects the activity by setting exported to false.


SVE-2021-24090(CVE-2022-25818): Improper boundary check in UWB stack

Severity: High
Affected versions: S(12)
Reported on: November 30, 2021
Disclosure status: Privately disclosed.
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.
The patch adds proper validation logic to prevent arbitrary memory write.


SVE-2021-24247(CVE-2022-25819): OOB read vulnerability in hdcp2 device node

Severity: Low
Affected versions: Selected Q(10), R(11), S(12) Exynos devices
Reported on: December 12, 2021
Disclosure status: Privately disclosed.
Out-of-Bound (OOB) read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to have limited access to non-initialized Kernel stack memory.
The patch adds proper boundary check to prevent out-of-bounds memory read.


SVE-2021-24283(CVE-2022-25820): Vulnerable design in fingerprint matching algorithm

Severity: Moderate
Affected versions: Select R(11), S(12) devices
Reported on: December 15, 2021
Disclosure status: Privately disclosed.
Vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.
The patch redesigns failure count algorithm to prevent brute force attack.


SVE-2021-24307(CVE-2022-25821): Improper use of SMS buffer pointer in Shannon baseband

Severity: Low
Affected versions: Q(10), R(11), S(12) devices with Exynos CP chipsets
Reported on: December 17, 2021
Disclosure status: Privately disclosed.
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.
The patch addressed the issue.


SVE-2021-24397(CVE-2022-25822): Use after free vulnerability in sdp driver

Severity: Moderate
Affected versions: Select Q(10), R(11), S(12) devices with Exynos and Qualcomm chipsets
Reported on: December 27, 2021
Disclosure status: Privately disclosed.
Use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows deadlock to result in kernel crash.
The patch added additional locking to prevent deadlock

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

leafish: SVE-2021-22380
Harsh Tyagi: SVE-2021-23162, SVE-2021-23866
Yu-Cheng Lin: SVE-2021-23570
Dawn Security Lab, JD.com: SVE-2021-23580
SeungHyun Cho (@netkingj): SVE-2021-23591
h0rd7: SVE-2021-23609, SVE-2021-23642
TerrorBlade: SVE-2021-24036
Martin Heyden: SVE-2021-24090
Kiwan Ko of STEALIEN: SVE-2021-24247
alohachen: SVE-2021-24283
Nevv and Vang3lis @VARAS: SVE-2021-24307
Seonung Jang of STEALIEN: SVE-2021-24397
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – February 2022 package. The Bulletin (February 2022) contains the following CVE items:

Critical
CVE-2021-30285, CVE-2021-39675

High
CVE-2021-30353, CVE-2021-39633, CVE-2021-30301, CVE-2021-30287, CVE-2021-30311, CVE-2021-30308, CVE-2021-30307, CVE-2021-30300, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890, CVE-2021-31345, CVE-2021-40148, CVE-2021-0959, CVE-2021-39619, CVE-2021-39663, CVE-2021-39676, CVE-2021-39664, CVE-2020-13112, CVE-2020-13113, CVE-2021-39665, CVE-2021-39666, CVE-2021-39668, CVE-2021-39669, CVE-2021-39671, CVE-2021-39674, CVE-2021-41990, CVE-2021-41991

Moderate
CVE-2021-0981, CVE-2021-0984, CVE-2021-0979, CVE-2021-0982, CVE-2021-0986, CVE-2021-0993, CVE-2021-0976, CVE-2021-0977, CVE-2021-0999, CVE-2021-1017, CVE-2021-0997, CVE-2021-1006, CVE-2021-1004, CVE-2021-0995, CVE-2021-0922

Already included in previous updates
: CVE-2021-39634, CVE-2021-1049, CVE-2021-30319, CVE-2021-0706, CVE-2021-1010

Not applicable to Samsung devices
: None


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 19 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Feb-2022 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-23613 (CVE-2022-23427, CVE-2022-23999, CVE-2022-24000): PendingIntent hijacking vulnerability in SettingsReceiver

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: October 17, 2021
Disclosure status: Privately disclosed.
PendingIntent hijacking vulnerability in SettingsReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.
The patch addresses the Intent in SettingsReceiver to prevent unprivileged access.


SVE-2021-23598 (CVE-2022-23426, CVE-2022-27837): PendingIntent hijacking vulnerability in DeX Home, DeX for PC and Accessibility

Severity: High
Affected versions: Q(10), R(11), Accessibility prior to 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0)
Reported on: October 15, 2021
Disclosure status: Privately disclosed
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 and Accessibility prior to 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attackers to access files with system privilege.
The patch addresses the Intent in DeX Home, DeX for PC and Accessibility to prevent unprivileged access.


SVE-2021-23582 (CVE-2022-23425): LTE NAS Authentication Bypass

Severity: Critical
Affected versions: Q(10), R(11), S(12) with select Exynos devices
Reported on: November 26, 2021
Disclosure status: Privately disclosed.
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.
The patch fixes the logic that parse the NAS signaling messages.


SVE-2021-24038 (CVE-2022-22292): Arbitrary activity start in Telecom

Severity: High
Affected versions: Q(10), R(11), S(12)
Reported on: November 27, 2021
Disclosure status: Privately disclosed.
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
The patch adds a proper permission for dynamic receiver.


SVE-2021-23585 (CVE-2022-22291): Logging of excessive data vulnerability in telephony

Severity: Moderate
Affected versions: Q(10), R(11), S(12)
Reported on: October 13, 2021
Disclosure status: Privately disclosed.
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.
The patch prevents Cell Location Information from being logged on the commercial binary.


SVE-2021-23987 (CVE-2022-23428): Arbitrary memory write vulnerability in eden_runtime hal service

Severity: High
Affected versions: Q(10), R(11), S(12) devices with selected Exynos chipsets
Reported on: November 21, 2021
Disclosure status: Privately disclosed
An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
The patch adds proper validation logic to prevent arbitrary memory write.


SVE-2021-24076 (CVE-2022-23429): Invalid memory read vulnerability in audio hal service

Severity: Low
Affected versions: Q(10), R(11), S(12)
Reported on: November 21, 2021
Disclosure status: Privately disclosed
An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.
The patch adds proper validation logic to prevent invalid memory read.


SVE-2021-23643 (CVE-2022-23431): Global buffer overflow in RPMB ldfw

Severity: Critical
Affected versions: Q(10), R(11), S(12) devices with selected Exynos chipsets
Reported on: October 20, 2021
Disclosure status: Privately disclosed
An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
The patch adds proper validation logic to prevent arbitrary memory write.


SVE-2021-23584 (CVE-2022-23432): Unchecked IRQ index in RPMB ldfw

Severity: Critical
Affected versions: Q(10), R(11), S(12) devices with selected Exynos chipsets
Reported on: October 13, 2021
Disclosure status: Privately disclosed
An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
The patch adds proper validation logic to prevent arbitrary memory write.


SVE-2021-23572(CVE-2022-23995): Unprotected component vulnerability in StBedtimeModeAlarmReceiver

Severity: Moderate
Affected versions: Wear OS 3.0
Reported on: October 12, 2021
Disclosure status: Privately disclosed.
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.
The patch adds proper protection to prevent unintended access by unauthorized applications.


SVE-2021-23573(CVE-2022-23996): Unprotected component vulnerability in StTheaterModeReceiver

Severity: Moderate
Affected versions: Wear OS 3.0
Reported on: October 12, 2021
Disclosure status: Privately disclosed.
Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission.
The patch adds proper protection to prevent unintended access by unauthorized applications


SVE-2021-23571(CVE-2022-23994): Improper access control vulnerability in StBedtimeModeReceiver

Severity: Moderate
Affected versions: Wear OS 3.0
Reported on: October 12,2021
Disclosure status: Privately disclosed
Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.
The patch adds proper permission check in StBedtimeModeReceiver to prevent unauthorized applications change bedtime mode.


SVE-2021-23578(CVE-2022-23997): Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver

Severity: Moderate
Affected versions: Wear OS 3.0
Reported on: October 13, 2021
Disclosure status: Privately disclosed.
Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission.
The patch adds proper protection to prevent unintended access by unauthorized applications

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

h0rd7: SVE-2021-23613, SVE-2021-23598
Eunsoo Kim of KAIST, CheolJun Park of KAIST: SVE-2021-23582
Ryan Johnson of Kryptowire: SVE-2021-24038
Rahul Kankrale: SVE-2021-23585
tomz: SVE-2021-23987, SVE-2021-24076
Federico Menarini and Martijn Bogaard of Riscure: SVE-2021-23643, SVE-2021-23584
Yu-Cheng Lin: SVE-2021-23571, SVE-2021-23572, SVE-2021-23573, SVE-2021-23578
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – January 2022 package. The Bulletin (January 2022) contains the following CVE items:

Critical
CVE-2021-30275, CVE-2021-30276

High
CVE-2021-30270, CVE-2021-30279, CVE-2021-30278, CVE-2021-30269, CVE-2021-30283, CVE-2021-1918, CVE-2021-30274, CVE-2021-30272, CVE-2021-30282, CVE-2021-30271, CVE-2021-1894, CVE-2020-11263, CVE-2021-33909, CVE-2021-30337, CVE-2021-30335, CVE-2021-30262, CVE-2021-30267, CVE-2021-30293, CVE-2021-30273, CVE-2021-30289, CVE-2021-30268, CVE-2021-30336, CVE-2021-30303, CVE-2020-0368, CVE-2021-0971, CVE-2021-39630, CVE-2021-39632, CVE-2020-0338, CVE-2021-39623, CVE-2021-39620, CVE-2021-39626, CVE-2021-39629, CVE-2021-0643, CVE-2021-39628, CVE-2021-39659

Moderate
CVE-2021-0961, CVE-2021-0661, CVE-2021-0662, CVE-2021-0663, CVE-2021-0673

Already included in previous updates
: None

Not applicable to Samsung devices
CVE-2021-30351, CVE-2021-0675, CVE-2021-0904, CVE-2021-38204, CVE-2021-39618, CVE-2021-39621, CVE-2021-39622, CVE-2021-39625, CVE-2021-39627


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 19 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jan-2022 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2021-23353 (CVE-2022-22263): Arbitrary activity start in SecSettings

Severity: Moderate
Affected versions: Select R(11.0) devices
Reported on: September 24, 2021
Disclosure status: Privately disclosed.
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
The patch adds a proper permission for dynamic receiver.


SVE-2021-23054 (CVE-2022-22264): Arbitrary file access vulnerability in Dressroom

Severity: High
Affected versions: Q(10.0), R(11.0), S(12.0)
Reported on: August 25, 2021
Disclosure status: Privately disclosed.
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
The patch sanitizes incoming Intent before using it.


SVE-2021-23365 (CVE-2022-22265): Use-After-Free bug in NPU driver

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0), S(12.0) devices with selected Exynos chipsets
Reported on: September 25, 2021
Disclosure status: Privately disclosed.
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
The patch adds proper check of exceptional conditions logic to prevent Use-After-Free.


SVE-2021-23023 (CVE-2022-22266): Wifi scan result leak via the exported TencentWifiSecurity service

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: August 20, 2021
Disclosure status: Privately disclosed.
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
The patch adds proper protection to prevent unintended access by other applications.


SVE-2021-23088 (CVE-2022-22267): Implicit Intent hijacking in ActivityMetricsLogger

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0), S(12.0)
Reported on: August 29, 2021
Disclosure status: Privately disclosed.
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
The patch changes implicit Intent to explicit Intent to prevent unprivileged access to running application information.


SVE-2021-23254 (CVE-2022-22268): Temporary bypass of Knox Guard via Samsung DeX

Severity: High
Affected versions: P(9.0), Q(10.0), R(11.0), S(12.0)
Reported on: September 14, 2021
Disclosure status: Privately disclosed.
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.
The patch blocks Samsung DeX mode when KnoxGuard locked.


SVE-2021-23364 (CVE-2022-22269): Local Bluetooth MAC address leak

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: September 25, 2021
Disclosure status: Privately disclosed.
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
The patch removes a local Bluetooth MAC address from the unprotected provider.


SVE-2021-23422 (CVE-2022-22270): Contacts information leak via hijacking implicit intent

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: September 30, 2021
Disclosure status: Privately disclosed.
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
The patch changes implicit Intent to explicit Intent to prevent unprivileged access to contact.


SVE-2021-23664 (CVE-2022-22271): Arbitrary pointer dereference in TIMA TA

Severity: High
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: October 21, 2021
Disclosure status: Privately disclosed.
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
The patch adds proper input check not to allow arbitrary memory access.


SVE-2021-23486 (CVE-2022-22272): Improper authorization in TelephonyManager

Severity: Moderate
Affected versions: Q(10.0), R(11.0), S(12.0)
Reported on: October 6, 2021
Disclosure status: Privately disclosed.
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PERMISSION
The patch modified with proper permission.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Dawn Security Lab, JD.com: SVE-2021-23353, SVE-2021-23054
Seonung Jang of STEALIEN: SVE-2021-23365
XiaGuangshuai in Wuheng Lab of ByteDance.: SVE-2021-23023, SVE-2021-23088, SVE-2021-23364, SVE-2021-23486
양성조: SVE-2021-23254
TerrorBlade: SVE-2021-23422
Sergei Volokitin: SVE-2021-23664