Security Updates

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can rest assured that the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.

Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – September 2021 package. The Bulletin (September 2021) contains the following CVE items:

Critical
CVE-2021-1972, CVE-2021-1976, CVE-2021-0687

High
CVE-2021-28375, CVE-2020-14381, CVE-2021-0582, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-30261, CVE-2021-30260, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-0639, CVE-2019-10581, CVE-2021-0518, CVE-2021-0595, CVE-2021-0683, CVE-2021-0684, CVE-2021-0685, CVE-2021-0688, CVE-2021-0686, CVE-2021-0689, CVE-2021-0690, CVE-2021-0598, CVE-2021-0692, CVE-2021-0428, CVE-2021-0644, CVE-2021-0682, CVE-2021-0693

Moderate
CVE-2021-0565, CVE-2021-0556, CVE-2021-0562, CVE-2021-0566, CVE-2021-0536, CVE-2021-0537, CVE-2021-0538, CVE-2021-0539, CVE-2021-0547, CVE-2021-0548, CVE-2021-0553, CVE-2021-0549, CVE-2021-0552, CVE-2021-0691

Already included in previous updates
CVE-2021-3347, CVE-2021-0564

Not applicable to Samsung devices
CVE-2021-1919, CVE-2021-1916, CVE-2021-1920, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-1914, CVE-2021-1978, CVE-2020-3633


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 23 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers' confidence in the security of Samsung Mobile devices. Samsung security index (SSI) SMR September-2021 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2021-21619 (CVE-2021-25457): Kernel Information Disclosure in the Vision DSP Kernel Driver

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
Reported on: April 27, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in the DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to obtain limited kernel memory information.
The patch adds proper input validation in DSP driver.


SVE-2021-21943 (CVE-2021-25450): Path traversal vulnerability in FactoryAirCommandManager

Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: May 24, 2021
Disclosure status: Privately disclosed.
A path traversal vulnerability in FactoryAirCommandManager prior to SMR Sep-2021 Release 1 allows attackers to write files as the system uid via a remote socket.
The patch addresses incorrect implementation of file path validation check logic.


SVE-2021-22094 (CVE-2021-25449): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: June 4, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-21959 (CVE-2021-25452): Kernel Permanent Denial of Service Vulnerability in the Vision DSP Kernel Driver

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
Reported on: May 25, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
The patch adds proper input check to prevent loading unintended file in path.


SVE-2021-21041 (CVE-2021-25453): Leak Bluetooth information through Broadcast in Bluetooth app

Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: March 13, 2021
Disclosure status: Privately disclosed.
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted applications to get Bluetooth information.
The patches add proper access control to prevent Bluetooth information leak.


SVE-2021-21620 (CVE-2021-25458): NULL pointer dereference vulnerability in the ION Driver

Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: April 27, 2021
Disclosure status: Privately disclosed.
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
The patch adds proper input check to prevent null pointer dereference.


SVE-2021-22602 (CVE-2021-25459): Improper access control in BlockChainService

Severity: Moderate
Affected versions: Select Q(10.0), R(11.0)
Reported on: July 12, 2021
Disclosure status: Privately disclosed.
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
The patch adds the proper permission check to prevent improper access to BlockchainTZService.


SVE-2021-22603 (CVE-2021-25460): Improper access control in BlockChainService

Severity: Moderate
Affected versions: Select Q(10.0), R(11.0)
Reported on: July 12, 2021
Disclosure status: Privately disclosed.
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
The patch adds the proper permission check to prevent improper access to BlockchainTZService.


SVE-2021-22411 (CVE-2021-25461): APAService Stack Overflow

Severity: Low
Affected versions: O(8.1)
Reported on: July 2, 2021
Disclosure status: Privately disclosed.
An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
The patch adds proper length check in APAService.


SVE-2021-21413 (CVE-2021-25451): Sensitive information disclosure in NetworkPolicyManagerService

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: April 11, 2021
Disclosure status: Privately disclosed.
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
The patch addresses the intent in NetworkPolicyManagerService to prevent unprivileged access.


SVE-2021-22278 (CVE-2021-25454): OOB read vulnerability in 'libsaacextractor.so'

Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: June 23, 2021
Disclosure status: Privately disclosed.
OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
The patch adds length check code in libsaacextractor library.


SVE-2021-22291 (CVE-2021-25455): OOB read vulnerability in 'libsaviextractor.so'

Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: June 24, 2021
Disclosure status: Privately disclosed.
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
The patch adds length check code in libsaviextractor library.


SVE-2021-22343 (CVE-2021-25456): OOB read vulnerability in 'libswmfextractor.so'

Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: June 27, 2021
Disclosure status: Privately disclosed.
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
The patch adds length check code in libswmfextractor library.


SVE-2021-21969 (CVE-2021-25462): Null Pointer Dereference vulnerability in the NPU Driver

Severity: Low
Affected versions: P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: May 25, 2021
Disclosure status: Privately disclosed.
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
The patch adds proper input check to prevent null pointer dereference.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Gyorgy Miru: SVE-2021-21619, SVE-2021-21959, SVE-2021-21620
R of Dawn Security Lab, JD.com: SVE-2021-21943
Le Wu of Baidu Security: SVE-2021-22094, SVE-2021-22278, SVE-2021-22291, SVE-2021-22343
hard_______: SVE-2021-21041
Sigmund Gorski: SVE-2021-22602, SVE-2021-22603
Mounir Elgharabawy: SVE-2021-22411
rt_: SVE-2021-21413
Maxime Peterlin: SVE-2021-21969
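
The SVE entries on this page share a fixed layout (an ID line, then Severity, Affected versions, Reported on and Disclosure status), so they can be triaged against a device inventory mechanically. The following is an added example, not Samsung's code: it parses entries in that layout and selects the ones that apply to a given Android version and chipset. The sample text is four entries copied from this page with their descriptions omitted, and the names `parse_entries` and `triage` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: ID and field lines copied from this page, descriptions omitted.
SAMPLE = """\
SVE-2021-21619 (CVE-2021-25457): Kernel Information Disclosure in the Vision DSP Kernel Driver
Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
Reported on: April 27, 2021
Disclosure status: Privately disclosed.

SVE-2021-21943 (CVE-2021-25450): Path traversal vulnerability in FactoryAirCommandManager
Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: May 24, 2021
Disclosure status: Privately disclosed.

SVE-2021-20167 (CVE-2021-25394), SVE-2021-20168 (CVE-2021-25395): UAF in mfc charger driver
Severity: Moderate
Affected versions: Selected O(8.1), P(9.0), Q(10.0), R(11.0) Exynos and Qualcomm devices
Reported on: December 31, 2020
Disclosure status: Privately disclosed

SVE-2021-19827: Multiple Bluetooth Core Specification Vulnerabilities
Severity: High
Affected versions: Selected O(8.1), Q(10.0) devices with Exynos 7570, 980 chipset
Reported on: October 22, 2020
Disclosure status: Publicly disclosed.
"""

# An entry starts with one or more SVE IDs; acknowledgement lines start with a name.
HEADER = re.compile(r"^(SVE-\d{4}-\d+[^:]*):\s*(.+)$")
FIELD = re.compile(r"^(Severity|Affected versions|Reported on|Disclosure status):\s*(.*)$")
SEVERITY_RANK = {"Critical": 0, "High": 1, "Moderate": 2, "Low": 3}


@dataclass
class Entry:
    sve_ids: list
    cve_ids: list          # may be empty: some entries carry no CVE on the ID line
    title: str
    meta: dict = field(default_factory=dict)

    @property
    def affected(self):
        return self.meta.get("Affected versions", "")

    @property
    def android_majors(self):
        # "O(8.1), P(9.x), Q(10.0)" -> {8, 9, 10}
        return {int(m) for m in re.findall(r"[A-Z]\((\d+)\.[\dx]+\)", self.affected)}

    @property
    def vendors(self):
        # Empty set: the entry names no chipset vendor, so it is not restricted.
        return {v for v in ("Exynos", "Qualcomm") if v in self.affected}

    @property
    def exynos_models(self):
        # "Exynos 980, 9830" or "Exynos9820, 9830" -> model numbers; empty = any model.
        m = re.search(r"Exynos\s*(\d[\d,\s]*)", self.affected)
        return set(re.findall(r"\d+", m.group(1))) if m else set()

    @property
    def select_only(self):
        # "Select"/"Selected": only some devices on the listed versions are affected.
        return bool(re.search(r"\bselect", self.affected, re.I))


def parse_entries(text):
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            ids = head.group(1)
            current = Entry(re.findall(r"SVE-\d{4}-\d+", ids),
                            re.findall(r"CVE-\d{4}-\d+", ids), head.group(2))
            entries.append(current)
        elif current is not None and (fld := FIELD.match(line)):
            current.meta.setdefault(fld.group(1), fld.group(2).strip())
    return entries


def triage(entries, android_major, vendor, model=None):
    """Entries that apply to the device, most severe first.
    An unknown model (None) is treated conservatively as affected."""
    hits = []
    for e in entries:
        if android_major not in e.android_majors:
            continue
        if e.vendors and vendor not in e.vendors:
            continue
        if (vendor == "Exynos" and e.exynos_models
                and model is not None and model not in e.exynos_models):
            continue
        hits.append(e)
    return sorted(hits, key=lambda e: SEVERITY_RANK.get(e.meta.get("Severity"), 9))


if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE), 10, "Exynos", "980"):
        note = " (select devices only)" if e.select_only else ""
        print(e.meta["Severity"], "/".join(e.sve_ids), e.title + note)
```

Entries flagged `select_only` still need a per-model check, since the bulletin does not say which devices are included.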




Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – August 2021 package. The Bulletin (August 2021) contains the following CVE items:

Critical
CVE-2021-0592, CVE-2021-1965

High
CVE-2021-1931, CVE-2021-1940, CVE-2021-1953, CVE-2021-1943, CVE-2021-1964, CVE-2021-1907, CVE-2021-1955, CVE-2021-1945, CVE-2021-1970, CVE-2021-1954, CVE-2020-0368, CVE-2021-0514, CVE-2021-0515, CVE-2021-0603, CVE-2021-0640, CVE-2021-0645, CVE-2021-0646, CVE-2021-0519, CVE-2021-0591, CVE-2021-0593, CVE-2021-0584, CVE-2021-0641, CVE-2021-0642

Moderate
CVE-2021-0555, CVE-2020-1971, CVE-2021-0567, CVE-2021-0570, CVE-2021-0572, CVE-2021-0557, CVE-2021-0558, CVE-2021-0559, CVE-2021-0561

Already included in previous updates
CVE-2021-1938

Not applicable to Samsung devices
CVE-2020-11307, CVE-2021-0577, CVE-2021-0550


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 8 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers' confidence in the security of Samsung Mobile devices. Samsung security index (SSI) SMR August-2021 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2021-20831 (CVE-2021-25443): UAF in conn_gadget driver

Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: February 26, 2021
Disclosure status: Privately disclosed.
A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
The patch adds proper check logic to prevent use after free.


SVE-2021-21948 (CVE-2021-25444): IV reuse in Keymaster TA

Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0)
Reported on: May 25, 2021
Disclosure status: Privately disclosed.
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
The patch prevents reusing IV by blocking addition of custom IV.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Kyungtae Kim: SVE-2021-20831
Alon Shakevsky, Avishai Wool and Eyal Ronen: SVE-2021-21948


Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – July 2021 package. The Bulletin (July 2021) contains the following CVE items:

Critical
CVE-2020-26558(A-179039983), CVE-2020-11176, CVE-2020-11291

High
CVE-2020-26555(A-181682537, A-174626251), CVE-2020-11304, CVE-2020-11298, CVE-2020-11306, CVE-2021-1900, CVE-2021-0512, CVE-2021-0525, CVE-2021-0527, CVE-2021-0533, CVE-2021-0526, CVE-2021-0528, CVE-2021-0529, CVE-2021-0531, CVE-2021-0530, CVE-2021-0532, CVE-2020-11292, CVE-2020-11267, CVE-2020-14305, CVE-2021-1937, CVE-2020-26558(A-174886838), CVE-2021-0513, CVE-2021-0478, CVE-2021-0441, CVE-2021-0486, CVE-2021-0587, CVE-2021-0601, CVE-2020-0417, CVE-2021-0585, CVE-2021-0586, CVE-2021-0589, CVE-2021-0594, CVE-2021-0600, CVE-2021-0602, CVE-2021-0590, CVE-2021-0596, CVE-2021-0597, CVE-2021-0599, CVE-2021-0604

Moderate
None

Already included in previous updates
CVE-2021-1925

Not applicable to Samsung devices
CVE-2021-0588


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 8 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers' confidence in the security of Samsung Mobile devices. Samsung security index (SSI) SMR July-2021 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2021-20903 (CVE-2021-25426): Possible to access Message files

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: March 3, 2021
Disclosure status: Privately disclosed.
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.
The patch adds access control to prevent unauthorized access.


SVE-2021-19827: Multiple Bluetooth Core Specification Vulnerabilities

Severity: High
Affected versions: Selected O(8.1), Q(10.0) devices with Exynos 7570, 980 chipset
Reported on: October 22, 2020
Disclosure status: Publicly disclosed.
There are several vulnerabilities in the Bluetooth core protocol as listed below.
CVE-2020-26555
The Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack. When an attacker connects to a victim device using the address of the device and the victim initiates a Pairing, the attacker can reflect the encrypted nonce even without knowledge of the key.
CVE-2020-26558
The Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge.
The authentication property of the Bluetooth LE Legacy Pairing procedures is vulnerable to a reflection attack. A remote attacker without knowledge of the token key can complete the authentication protocol.
The patch fixes exception handling for the Bluetooth core protocol.


SVE-2021-21041 (CVE-2021-25429, CVE-2021-25430): Leak bluetooth information through broadcast in bluetooth app

Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: March 13, 2021
Disclosure status: Privately disclosed.
Improper privilege management and improper access control vulnerabilities in the Bluetooth application prior to SMR July-2021 Release 1 allow untrusted applications to access the Bluetooth information in the Bluetooth application.
The patch adds proper access control for the Bluetooth information in Bluetooth application.


SVE-2021-21231 (CVE-2021-25427): SQL Injection in Bluetooth

Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: March 28, 2021
Disclosure status: Privately disclosed.
SQL injection vulnerability in Dialer Storage prior to SMR July-2021 Release 1 allows unauthorized access to paired Bluetooth information.
The patch adds proper input validation in Bluetooth.


SVE-2021-20754 (CVE-2021-25428): Allow dangerous level permission without user confirmation in limited circumstances

Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: February 20, 2021
Disclosure status: Privately disclosed.
Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.
The patch adds proper validation check in PackageManager.


SVE-2021-21468: Information disclosure in ptrace module of kernel

Severity: Moderate
Affected versions: All O(8.1), P(9.0) devices and select Q(10.0), R(11.0) devices
Reported on: April 14, 2021
Disclosure status: Publicly disclosed.
Improper validation check vulnerability in ptrace kernel module prior to SMR July-2021 Release 1 allows information disclosure of kernel data.
The patch adds proper validation check in ptrace kernel module.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Sergey Toshin of Oversecured Inc: SVE-2021-20903
France’s national cybersecurity agency ANSSI: SVE-2021-19827
hard_______: SVE-2021-21041
Calum Hutton: SVE-2021-21231
Zhongquan Li @ ADLab: SVE-2021-20754


Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – June 2021 package. The Bulletin (June 2021) contains the following CVE items:

Critical
CVE-2021-0507, CVE-2021-0516

High
CVE-2021-1891, CVE-2020-11284, CVE-2021-1905, CVE-2021-1915, CVE-2021-1927, CVE-2021-28663, CVE-2021-28664, CVE-2021-0495, CVE-2020-11279, CVE-2020-11273, CVE-2020-11274, CVE-2020-11285, CVE-2020-29661, CVE-2019-2219, CVE-2021-0511, CVE-2021-0521, CVE-2021-0508, CVE-2021-0509, CVE-2021-0510, CVE-2021-0520, CVE-2021-0505, CVE-2021-0506, CVE-2021-0523, CVE-2021-0504, CVE-2021-0517, CVE-2021-0522, CVE-2021-0304

Moderate
CVE-2021-1906, CVE-2021-0381, CVE-2020-0025, CVE-2021-0385, CVE-2021-0389

Already included in previous updates
CVE-2021-0492, CVE-2021-0491, CVE-2021-0493, CVE-2021-0494, CVE-2021-0497, CVE-2021-0498, CVE-2021-0489, CVE-2021-0490, CVE-2021-0496

Not applicable to Samsung devices
CVE-2021-0324, CVE-2021-0467, CVE-2020-11288, CVE-2020-11289, CVE-2021-1910


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 19 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers' confidence in the security of Samsung Mobile devices. Samsung security index (SSI) SMR June-2021 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2021-20702 (CVE-2021-25410): Arbitrary file access vulnerability in CallBGProvider

Severity: High
Affected versions: R(11.0)
Reported on: February 15, 2021
Disclosure status: Privately disclosed.
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.
The patch adds proper permission to prevent unauthorized access.


SVE-2021-20877 (CVE-2021-25413): Possible to access arbitrary content providers

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: March 2, 2021
Disclosure status: Privately disclosed.
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
The patch sanitizes incoming Intent before using it.


SVE-2021-20879 (CVE-2021-25414): Possible to steal or overwrite arbitrary files

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: March 2, 2021
Disclosure status: Privately disclosed.
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.
The patch sanitizes incoming Intent before using it.


SVE-2021-21161 (CVE-2021-25407): Out of bounds write in Samsung NPU driver

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0) devices with Exynos9820, 9830, 980, 2100 chipsets
Reported on: March 20, 2021
Disclosure status: Privately disclosed.
A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.
The patch adds proper boundary check to prevent out of bounds write.


SVE-2021-20641 (CVE-2021-25417): Improper authorization in SDP SDK

Severity: Moderate
Affected versions: P(9.0), Q(10.0)
Reported on: February 9, 2021
Disclosure status: Privately disclosed.
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
The patch removes the logic for granting internal storage privilege.


SVE-2021-20984 (CVE-2021-25412): Improper access control in genericssoservice service

Severity: High
Affected versions: Q(10.0)
Reported on: March 8, 2021
Disclosure status: Privately disclosed.
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.
The patch adds the proper caller check to prevent improper access to genericssoservice.


SVE-2021-20948 (CVE-2021-25409): Configure Notification settings without authorization

Severity: Moderate
Affected versions: Q(10.0)
Reported on: March 8, 2021
Disclosure status: Privately disclosed.
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
The patch adds proper authorization to configure Notification setting in lockscreen.


SVE-2021-20178 (CVE-2021-25415): Possible remapping RKP memory as writable from EL1

Severity: High
Affected versions: Q(10.0), R(11.0) devices with Exynos9610, 9810, 9820, 9830
Reported on: January 4, 2021
Disclosure status: Privately disclosed.
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
The patch adds the proper address validation in RKP to prevent change of EL2 memory attribution from EL1.


SVE-2021-20179 (CVE-2021-25416): Possible creating executable kernel page via abusing dynamic load functions

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos9610, 9810, 9820, 9830
Reported on: January 5, 2021
Disclosure status: Privately disclosed.
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
The patch adds the proper address validation in RKP to prevent creating executable kernel page.


SVE-2021-20176 (CVE-2021-25411): Vulnerable api in RKP allows attackers to write read-only kernel memory

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos9610, 9810, 9820, 9830
Reported on: January 4, 2021
Disclosure status: Privately disclosed.
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
The patch adds a proper address validation check to prevent unprivileged write to kernel memory.


SVE-2021-21074 (CVE-2021-25408): Buffer overflow in Samsung NPU driver

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0) devices with Exynos9820, 9830, 980, 2100 chipsets
Reported on: March 16, 2021
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.
The patch adds proper boundary check to prevent buffer overflow.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Sergey Toshin of Oversecured Inc: SVE-2021-20702, SVE-2021-20877, SVE-2021-20879
Ben Hawkes of Google Project Zero: SVE-2021-21161
Abdulla Aldoseri, David Oswald: SVE-2021-20641
hard_______: SVE-2021-20984
Tony: SVE-2021-20948
Alexandre Adamski of Longterm Security: SVE-2021-20178, SVE-2021-20179, SVE-2021-20176
Maxime Peterlin of Longterm Security: SVE-2021-21074

Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – May 2021 package. The Bulletin (May 2021) contains the following CVE items:

Critical
CVE-2021-0473, CVE-2021-0474, CVE-2021-0475

High
CVE-2020-25705, CVE-2020-11246, CVE-2020-11234, CVE-2020-15436, CVE-2020-29368, CVE-2020-11251, CVE-2020-11236, CVE-2020-11247, CVE-2020-11237, CVE-2020-11191, CVE-2020-11255, CVE-2020-11243, CVE-2021-0445, CVE-2021-0472, CVE-2021-0485, CVE-2021-0487, CVE-2021-0482, CVE-2021-0484, CVE-2021-0476, CVE-2021-0477, CVE-2021-0481, CVE-2021-0466, CVE-2021-0480

Moderate
CVE-2021-0375, CVE-2021-0387, CVE-2021-0369, CVE-2021-0382, CVE-2021-0368, CVE-2021-0374, CVE-2021-0378, CVE-2021-0379, CVE-2021-0384, CVE-2021-0370, CVE-2021-0372, CVE-2021-0377, CVE-2021-0380, CVE-2021-0383, CVE-2021-0386, CVE-2021-0388, CVE-2021-0371

Already included in previous updates
CVE-2020-11242, CVE-2020-11245, CVE-2020-11210, CVE-2020-11252, CVE-2020-11292*

*Select devices have been patched since January of 2021


Not applicable to Samsung devices
CVE-2021-0468


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 23 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers' confidence in the security of Samsung Mobile devices. Samsung security index (SSI) SMR May-2021 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2021-20636 (CVE-2021-25388): Arbitrary app installation vulnerability in Knox Core

Severity: High
Affected versions: R(11.0)
Reported on: February 16, 2021
Disclosure status: Privately disclosed
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.
The patch restricts privilege of app that calls Knox Core.


SVE-2021-20690 (CVE-2021-25392): Possible to access notification policy file of DeX

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: February 14, 2021
Disclosure status: Privately disclosed
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
The patch removes the vulnerable code.


SVE-2021-20731 (CVE-2021-25393): Possible to read/write access to arbitrary files as system user

Severity: High
Affected versions: Q(10.0), R(11.0)
Reported on: February 18, 2021
Disclosure status: Privately disclosed
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
The patch sanitizes incoming Intent before passing it to caller.


SVE-2021-20167 (CVE-2021-25394), SVE-2021-20168 (CVE-2021-25395): UAF in mfc charger driver

Severity: Moderate
Affected versions: Selected O(8.1), P(9.0), Q(10.0), R(11.0) Exynos and Qualcomm devices
Reported on: December 31, 2020
Disclosure status: Privately disclosed
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
The patch adds proper synchronization points to avoid all possibility of a race condition.


SVE-2021-20511 (CVE-2021-25396): Arbitrary memory write in the Neural Processing Unit Firmware

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos9820, 9830, 980, 2100 chipsets
Reported on: January 31, 2021
Disclosure status: Privately disclosed
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.
The patch fixes incorrect implementation of NPU firmware.


SVE-2021-20716 (CVE-2021-25397): Arbitrary file write in TelephonyUI

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0) devices
Reported on: February 16, 2021
Disclosure status: Privately disclosed
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
The patch adds the proper permission check to prevent improper access to TelephonyUI.


SVE-2021-20204 (CVE-2021-25389): Authentication bypass in S Secure

Severity: Low
Affected versions: P(9.0)
Reported on: January 6, 2021
Disclosure status: Privately disclosed
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use a locked app without authentication.
The patch modifies the logic that checks the running process.


SVE-2021-20724 (CVE-2021-25390): Intent redirection in PhotoTable

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: February 17, 2021
Disclosure status: Privately disclosed
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
The patch restricts apps that can call PhotoTable.


SVE-2021-20500 (CVE-2021-25391): Intent redirection in Secure Folder

Severity: Moderate
Affected versions: R(11.0)
Reported on: January 29, 2021
Disclosure status: Privately disclosed
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
The patch restricts apps that can call SecureFolder.


SVE-2021-20154 (CVE-2021-25383): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 3, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-20183 (CVE-2021-25384): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 5, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-20184 (CVE-2021-25385): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 5, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-20185 (CVE-2021-25386): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 5, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-20202 (CVE-2021-25387): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0), R(11.0)
Reported on: January 6, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.



Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Sergey Toshin of Oversecured Inc: SVE-2021-20636, SVE-2021-20690, SVE-2021-20731, SVE-2021-20716, SVE-2021-20724, SVE-2021-20500
Maxime Peterlin of Longterm Security: SVE-2021-20511
Harsh Tyagi: SVE-2021-20204
Le Wu of Baidu Security: SVE-2021-20154, SVE-2021-20183, SVE-2021-20184, SVE-2021-20185, SVE-2021-20202

Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – April 2021 package. The Bulletin (April 2021) contains the following CVE items:

Critical
CVE-2020-11204, CVE-2020-11228, CVE-2020-11218, CVE-2020-11192, CVE-2020-11227, CVE-2021-0430

High
CVE-2020-11178, CVE-2020-11165, CVE-2020-11195, CVE-2020-11198, CVE-2020-11194, CVE-2020-11220, CVE-2020-11199, CVE-2020-11221, CVE-2020-11308, CVE-2020-11290, CVE-2020-11309, CVE-2020-11186, CVE-2020-11226, CVE-2020-11171, CVE-2020-11222, CVE-2020-11188, CVE-2020-11190, CVE-2020-11189, CVE-2020-11166, CVE-2021-0399, CVE-2021-0400, CVE-2021-0426, CVE-2021-0427, CVE-2021-0432, CVE-2021-0438, CVE-2021-0439, CVE-2021-0442, CVE-2021-0443, CVE-2021-0444, CVE-2021-0338, CVE-2021-0437, CVE-2021-0436, CVE-2021-0471, CVE-2021-0429, CVE-2021-0433, CVE-2021-0431, CVE-2021-0435

Moderate
None

Already included in previous updates
CVE-2020-11223

Not applicable to Samsung devices
CVE-2020-11299, CVE-2021-0446


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 21 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices. Samsung security index (SSI) SMR April-2021 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2021-19881 (CVE-2021-25358): Improper store path for IMSI value

Severity: Moderate
Affected versions: P(9.0), Q(10.0)
Reported on: December 9, 2020
Disclosure status: Privately disclosed.
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.
The patch changes the store path for IMSI values to a proper path to prevent unauthorized access.


SVE-2021-20333 (CVE-2021-25362): Improper permission management in CertInstaller

Severity: Moderate
Affected versions: O(8.1), P(9.x), Q(10.0)
Reported on: January 16, 2021
Disclosure status: Privately disclosed.
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.
The patch deletes mis-used permission in CertInstaller to prevent untrusted access to local files.


SVE-2021-19820 (CVE-2021-25359): AP information leakage vulnerability

Severity: Low
Affected versions: Q(10.0), R(11.0)
Reported on: December 3, 2020
Disclosure status: Privately disclosed.
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
The patch removes the improper SELinux policy item.


SVE-2021-20274 (CVE-2021-25360): Arbitrary code execution on mediaextractor process

Severity: Moderate
Affected versions: Q(10.0)
Reported on: January 11, 2021
Disclosure status: Privately disclosed.
An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
The patch adds proper input check to prevent buffer overflow.


SVE-2021-19180 (CVE-2021-25361): Arbitrary file read/write vulnerability via unprotected StickerCenter content provider

Severity: High
Affected versions: P(9.0), Q(10.0)
Reported on: October 8, 2020
Disclosure status: Privately disclosed.
An improper access control vulnerability in StickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.
The patch adds the proper caller check to prevent improper access to StickerCenter.


SVE-2021-19620 (CVE-2021-25357): PendingIntent hijacking vulnerability in Create Movie

Severity: Moderate
Affected versions: O(8.1), P(9.0)
Reported on: November 10, 2020
Disclosure status: Privately disclosed.
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
The patch changes implicit intent to explicit intent in PendingIntent of Create Movie to prevent unprivileged access to contact.


SVE-2021-20190 (CVE-2021-25363): Process information exposure vulnerability in ActivityManagerService

Severity: Moderate
Affected versions: Selected O(8.1), P(9.0), Q(10.0), R(11.0) devices
Reported on: January 5, 2021
Disclosure status: Privately disclosed.
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processes delete some local files.
The patch deletes mis-used permission in CertInstaller not to allow untrusted access to local files.


SVE-2021-19667 (CVE-2021-25364): PendingIntent hijacking vulnerability in Secure Folder

Severity: Moderate
Affected versions: R(11.0)
Reported on: November 16, 2020
Disclosure status: Privately disclosed.
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
The patch changes implicit intent to explicit intent in Secure Folder to prevent unprivileged access to contact.


SVE-2021-20733 (CVE-2021-25356): 3rd party authentication bypass in Managed Provisioning

Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: February 15, 2021
Disclosure status: Privately disclosed.
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows an unprivileged application to install arbitrary applications, grant device admin permission and then delete several installed applications.
The patch prevents creating a Knox container without privilege to mitigate the vulnerability.


SVE-2021-20454 (CVE-2021-25365): Arbitrary memory address unmap vulnerability in softsimd

Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: January 26, 2021
Disclosure status: Privately disclosed.
An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.
The patch adds proper exception check logic code in softsimd to prevent unprivileged access.


SVE-2021-20775 (CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2020-11264, CVE-2020-11301): Wi-Fi Fragment & Forge vulnerabilities

Severity: High to Critical
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: January 26, 2021
Disclosure status: Privately disclosed.
Multiple vulnerabilities in the Wi-Fi standards related to fragmentation and aggregation, as implemented by Wi-Fi chipset providers, allow a proximate attacker to inject arbitrary packets, forge encrypted frames and exfiltrate data in a protected Wi-Fi network.
Respective patches are provided by the Wi-Fi chipset providers to address the vulnerabilities.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Zhang Qing, Bytedance and Bai Guangdong, The University of Queensland: SVE-2021-19881, SVE-2021-19820
Anonymous: SVE-2021-19180
Le Wu of Baidu Security: SVE-2021-20274
Sergey Toshin of Oversecured Inc: SVE-2021-20733
hard_______: SVE-2021-19620, SVE-2021-19667
heeeeen of ZIWU Security Lab: SVE-2021-20333
Zhang Qing from Bytedance WuHeng team: SVE-2021-20190
Zhongquan Li @ CytQ: SVE-2021-20454

Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – March 2021 package. The Bulletin (March 2021) contains the following CVE items:

Critical
CVE-2020-11170, CVE-2020-11163, CVE-2020-11272, CVE-2021-0397

High
CVE-2020-11271, CVE-2020-11282, CVE-2017-18509, CVE-2020-11286, CVE-2020-11177, CVE-2020-11187, CVE-2020-11253, CVE-2020-11281, CVE-2020-11296, CVE-2020-11269, CVE-2020-11275, CVE-2020-11280, CVE-2020-11287, CVE-2020-11276, CVE-2020-11270, CVE-2020-11297, CVE-2020-11278, CVE-2021-0395, CVE-2021-0391, CVE-2021-0398, CVE-2017-14491, CVE-2021-0393, CVE-2021-0396, CVE-2021-0390, CVE-2021-0392, CVE-2021-0394

Moderate
None

Already included in previous updates
CVE-2020-11180, CVE-2020-11277

Not applicable to Samsung devices
CVE-2020-11283


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 19 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices. Samsung security index (SSI) SMR March-2021 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2021-19153 (CVE-2021-25335): Hidden notification contents leak over the lockscreen

Severity: Low
Affected versions: Q(10.0) devices with ONEUI 2.5
Reported on: October 6, 2020
Disclosure status: Privately disclosed.
An improper lockscreen status check in cocktailbar service prior to SMR MAR-2021 Release 1 allows unauthenticated users to see hidden notification contents over the lockscreen in specific conditions.
The patch adds the proper lockscreen status check to prevent hidden notification contents leak.


SVE-2021-19527 (CVE-2021-25337): Arbitrary file read/write vulnerability via unprotected clipboard content provider

Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0) devices except ONEUI 3.1 in R(11.0)
Reported on: November 3, 2020
Disclosure status: Privately disclosed.
An improper access control in clipboard service prior to SMR MAR-2021 Release 1 allows untrusted applications to read or write arbitrary files in the device.
The patch adds the proper caller check to prevent improper access to clipboard service.


SVE-2021-19553 (CVE-2021-25336): Improper access control in NotificationManagerService

Severity: High
Affected versions: P(9.0), Q(10.0)
Reported on: November 6, 2020
Disclosure status: Privately disclosed.
An improper access control in NotificationManagerService prior to SMR MAR-2021 Release 1 allows untrusted applications to acquire notification access.
The patch adds higher permission not to allow untrusted access to notification contents.


SVE-2021-19731 (CVE-2021-25339): EL2 memory can be corrupted with HArx HVC call

Severity: High
Affected versions: Q(10.0), R(11.0) devices with Exynos 9830 chipset
Reported on: November 24, 2020
Disclosure status: Privately disclosed.
An improper address validation in HArx prior to SMR MAR-2021 Release 1 allows EL2 memory corruption using compromised kernel.
The patch adds the proper address validation in HArx to prevent EL2 memory corruption.


SVE-2021-19759 (CVE-2021-25338): RKP region list is writable by EL1

Severity: High
Affected versions: Q(10.0), R(11.0) devices with Exynos 9830 chipset
Reported on: November 25, 2020
Disclosure status: Privately disclosed.
An improper memory access control in RKP prior to SMR MAR-2021 Release 1 allows attackers to write some part of RKP EL2 memory region using compromised kernel.
The patch adds the proper memory access control in RKP to make EL2 memory region inaccessible.


SVE-2021-19945 (CVE-2021-25344): Serial number leak

Severity: High
Affected versions: Q(10.0), R(11.0)
Reported on: December 15, 2020
Disclosure status: Privately disclosed.
A missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to get the device’s serial number without permission.
The patch adds proper permission check on the API to get serial number.


SVE-2021-20009 (CVE-2021-25345): Kernel panic by graphic format mismatch

Severity: Low
Affected versions: Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: December 21, 2020
Disclosure status: Privately disclosed.
Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.
The patch addressed the issue.


SVE-2021-19897 (CVE-2021-25369): Potential kernel information exposure from sec_log

Severity: Moderate
Affected versions: O(8.x), P(9.0), Q(10.0)
Reported on: December 10, 2020
Disclosure status: Privately disclosed.
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
The patch removes vulnerable file.


SVE-2021-19925 (CVE-2021-25370): Memory corruption in dpu driver

Severity: Moderate
Affected versions: O(8.x), P(9.0), Q(10.0), R(11.0) devices with selected Exynos chipsets
Reported on: December 12, 2020
Disclosure status: Privately disclosed.
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
The patch fixes incorrect implementation in dpu driver to address memory corruption.


SVE-2021-20029 (CVE-2021-25371): Possible to load arbitrary ELF library inside DSP

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830
Reported on: December 22, 2020
Disclosure status: Privately disclosed.
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside DSP.
The patch deletes the improper commands in DSP driver.


SVE-2021-20030 (CVE-2021-25372): Out of bounds access vulnerability in DSP driver

Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830
Reported on: December 22, 2020
Disclosure status: Privately disclosed.
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
The patch adds proper boundary check code to prevent out of bounds access.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

GSerg: SVE-2021-19153
Shaechi Security Lab: SVE-2021-19527
Aleksandr Tarasikov: SVE-2021-19731, SVE-2021-19759
Xia Guangshuai & Zhang Qing of ByteDance, Bai Guangdong of The University of Queensland: SVE-2021-19945
Ben Toson: SVE-2021-20009

Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – February 2021 package. The Bulletin (February 2021) contains the following CVE items:

Critical
CVE-2021-0325(O8.1, P9), CVE-2021-0326, CVE-2020-11182, CVE-2020-11134

High
CVE-2021-0325(Q10, R11), CVE-2020-10732, CVE-2020-11126, CVE-2020-11159, CVE-2020-11233, CVE-2020-11235, CVE-2020-11238, CVE-2020-11239, CVE-2020-11240, CVE-2020-11241, CVE-2020-11250, CVE-2020-11261, CVE-2020-11262, CVE-2021-0301, CVE-2021-0302, CVE-2021-0305, CVE-2021-0314, CVE-2021-0327, CVE-2021-0328, CVE-2021-0329, CVE-2021-0330, CVE-2021-0331, CVE-2021-0332, CVE-2021-0333, CVE-2021-0334, CVE-2021-0335, CVE-2021-0336, CVE-2021-0337, CVE-2021-0338, CVE-2021-0339, CVE-2021-0340, CVE-2021-0341

Moderate
None

Already included in previous updates
CVE-2020-11181, CVE-2020-11260

Not applicable to Samsung devices
CVE-2020-10767, CVE-2020-10766


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 11 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices. Samsung security index (SSI) SMR February-2021 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2021-18243 (CVE-2021-25340): Arbitrary Settings change using Samsung keyboard

Severity: Moderate
Affected Versions: Q(10.0)
Reported on: July 06, 2020
Disclosure status: Privately disclosed.
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows arbitrary change in Settings during Initialization State.
The patch adds proper access control for additional functions of Samsung keyboard.


SVE-2021-19221 (CVE-2021-25334): Local permanent DoS vulnerability in wallpaper service

Severity: High
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: October 12, 2020
Disclosure status: Privately disclosed.
An improper input check in wallpaper service prior to SMR Feb-2021 Release 1 results in permanent denial of service from using the device.
The patch adds the proper input validation to prevent local permanent denial of service.


SVE-2021-19482: Address leakage vulnerability in libhwui library

Severity: Low
Affected versions: Q(10.0), R(11.0)
Reported on: October 31, 2020
Disclosure status: Privately disclosed.
Unnecessary logs in libhwui library version prior to SMR Feb-2021 Release 1 allow leakage of object address.
The patch fixes incorrect implementation of address logging.


SVE-2021-19507 (CVE-2021-25330): Possible access to non-existent provider

Severity: Moderate
Affected versions: Select Q(10.0) devices
Reported on: November 3, 2020
Disclosure status: Privately disclosed.
Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.
The patch blocks access to MobileWips content provider in case MobileWips is not supported.


SVE-2021-19528 (CVE-2021-25347): Hijacking vulnerability in Samsung Email

Severity: Low
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: November 03, 2020
Disclosure status: Privately disclosed.
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.
The patch adds the proper signature check for Samsung Email.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

조승현: SVE-2021-18243
Yunxuan Qu and Zhenjiang Zhao @ Panguite Forensics Lab of Qianxin: SVE-2021-19482
Zhongquan Li @ Xiaomi AIoT Security Lab: SVE-2021-19221, SVE-2021-19507, SVE-2021-19528

Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – January 2021 package. The Bulletin (January 2021) contains the following CVE items:

Critical
CVE-2020-0457

High
CVE-2020-0466, CVE-2020-0465, CVE-2020-0444, CVE-2020-0455, CVE-2020-0456, CVE-2020-11138, CVE-2020-11139, CVE-2020-3685, CVE-2020-11143, CVE-2020-11136, CVE-2020-11137, CVE-2020-3691, CVE-2020-3686, CVE-2020-11140, CVE-2020-11179, CVE-2020-11146, CVE-2020-11145, CVE-2020-11144, CVE-2020-11200, CVE-2020-11214, CVE-2020-11215, CVE-2020-11212, CVE-2020-11213, CVE-2020-11119, CVE-2020-11225, CVE-2021-0313, CVE-2021-0303, CVE-2021-0306, CVE-2021-0307, CVE-2021-0310, CVE-2021-0315, CVE-2021-0317, CVE-2021-0318, CVE-2021-0319, CVE-2021-0304, CVE-2021-0309, CVE-2021-0321, CVE-2021-0322, CVE-2019-9376, CVE-2020-15999, CVE-2016-6328, CVE-2021-0311, CVE-2021-0312, CVE-2021-0316, CVE-2020-0471, CVE-2021-0308, CVE-2021-0320

Moderate
None

Already included in previous updates
CVE-2020-11167, CVE-2020-11185

Not applicable to Samsung devices
CVE-2020-11217, CVE-2020-11197, CVE-2020-0016, CVE-2020-0019, CVE-2020-11216


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 9 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices. Samsung security index (SSI) SMR January-2021 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2020-18731: Buffer overflow in bluetooth UART driver

Severity: Moderate
Affected versions: Selected O(8.x), P(9.0), Q(10.0) devices using Broadcom bluetooth chipsets
Reported on: August 19, 2020
Disclosure status: Privately disclosed.
A possible buffer overflow exists in the selected Broadcom bluetooth UART driver.
The patch adds proper validation of the buffer length.


SVE-2020-18811 (CVE-2021-25346): Memory corruption in quram library with decoding dng

Severity: High
Affected versions: O(8.x), P(9.0), Q(10.0) devices
Reported on: September 6, 2020
Disclosure status: Privately disclosed.
Possible arbitrary memory overwrite vulnerabilities in quram library allow arbitrary code execution.
The patches add the proper validation of the buffer length.


SVE-2020-19174: Out of bounds access vulnerability in mali GPU driver

Severity: Moderate
Affected versions: O(8.x), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: October 7, 2020
Disclosure status: Privately disclosed.
An improper boundary check in mali GPU driver allows out of bounds memory access resulting in device reset.
The patch adds proper boundary check code to prevent out of bounds access.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

Jiska Classen: SVE-2020-18731
Anonymous: SVE-2020-18811
9462ACEE94608EA1643688D026AA95DD: SVE-2020-19174