
Android Security Updates

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can rest assured that the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.


Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – March 2020 package. The Bulletin (March 2020) contains the following CVE items:

Critical
CVE-2020-0032

High
CVE-2019-11599, CVE-2019-10567, CVE-2019-10538, CVE-2019-14063, CVE-2019-14055, CVE-2019-14044, CVE-2019-14049, CVE-2020-0030, CVE-2020-0031, CVE-2020-0033, CVE-2020-0034, CVE-2020-0036, CVE-2019-2194, CVE-2020-0035, CVE-2020-0029, CVE-2020-0037, CVE-2020-0038, CVE-2020-0039, CVE-2020-0021

Moderate
CVE-2019-14040, CVE-2019-14041, CVE-2019-14088

Already included in previous updates
CVE-2019-14046

Not applicable to Samsung devices
CVE-2019-14051, CVE-2019-14057, CVE-2019-14060, CVE-2019-10590


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 25 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices. The Samsung security index (SSI) SMR March-2020 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2019-15880: Heap overflow vulnerability in Kernel driver

Severity: High
Affected Versions: Selected O(8.0), P(9.0), Q(10.0) devices with Broadcom chipsets
Reported on: October 12, 2019
Disclosure status: Privately disclosed.
A possible heap overflow vulnerability in kernel driver allows arbitrary code execution.
The patch adds the proper validation of the buffer length.


SVE-2019-16590: Lockdown Mode exposes notifications when pin entry limit is exceeded

Severity: Moderate
Affected Versions: P(9.0), Q(10.0)
Reported on: December 31, 2019
Disclosure status: Privately disclosed.
A vulnerability in Lockdown mode allows exposure of notifications when pin entry limit is exceeded.
The patch addressed notification exposure in Lockdown mode.


SVE-2019-16013: Update arbitrary touch screen firmware

Severity: Moderate
Affected Versions: O(8.x), P(9.0), Q(10.0)
Reported on: October 28, 2019
Disclosure status: Privately disclosed.
Improper verification logic in the touch screen firmware update process allows an attacker to load malicious firmware.
The patch adds proper validation logic to the firmware update process.


SVE-2019-16125, SVE-2019-16134, SVE-2019-16158, SVE-2019-16159, SVE-2019-16319, SVE-2019-16320, SVE-2019-16337, SVE-2019-16464, SVE-2019-16465, SVE-2019-16467: Buffer overflow and Out-of-bounds Read/Write in Kernel drivers

Severity: Low
Affected Versions: P(9.0) devices with selected Exynos chipsets
Reported on: November 11, 2019
Disclosure status: Privately disclosed.
Possible buffer overflow and out-of-bounds read/write vulnerabilities exist in kernel drivers related to the Wi-Fi module.
The patch adds the proper validation of the buffer length to prevent buffer overflow and out-of-bounds read/write.


SVE-2019-16532: Arbitrary access in Lockscreen of DeX

Severity: Moderate
Affected Versions: Q(10.0)
Reported on: December 18, 2019
Disclosure status: Privately disclosed.
A vulnerability in Lockscreen of DeX allows access to quick panel and notifications without authentication.
The patch prevents access to quick panel and notifications in Lockscreen of DeX.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Anonymous: SVE-2019-15880
- Zach: SVE-2019-16590
- Nir Duan: SVE-2019-16013
- Steven Salerno: SVE-2019-16125, SVE-2019-16134, SVE-2019-16158, SVE-2019-16159, SVE-2019-16319, SVE-2019-16320, SVE-2019-16337, SVE-2019-16464, SVE-2019-16465, SVE-2019-16467
- inDeX of KITRI BoB: SVE-2019-16532

Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – February 2020 package. The Bulletin (February 2020) contains the following CVE items:

Critical
CVE-2020-0022(O8.x,P9.0), CVE-2020-0023

High
CVE-2020-0009, CVE-2019-10581, CVE-2019-14010, CVE-2019-14034, CVE-2019-10602, CVE-2018-20856, CVE-2019-10558, CVE-2019-10582, CVE-2019-10585, CVE-2019-10606, CVE-2019-14023, CVE-2019-10583, CVE-2019-15214, CVE-2018-11843, CVE-2020-0014, CVE-2020-0015, CVE-2019-2200, CVE-2020-0017, CVE-2020-0018, CVE-2020-0020, CVE-2020-0021, CVE-2020-0005, CVE-2020-0024, CVE-2020-0026, CVE-2020-0027, CVE-2020-0028, CVE-2019-2116

Moderate
CVE-2020-0022(Q10.0)

Already included in previous updates
CVE-2019-14008, CVE-2019-14024, CVE-2019-14036

Not applicable to Samsung devices
CVE-2019-17666, CVE-2019-2267, CVE-2019-10548, CVE-2019-14002, CVE-2019-10532, CVE-2019-10578, CVE-2019-10579, CVE-2019-10611, CVE-2019-14003, CVE-2019-14004, CVE-2019-14005, CVE-2019-14006, CVE-2019-14013, CVE-2019-14014, CVE-2019-14016, CVE-2019-14017


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 30 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices. The Samsung security index (SSI) SMR February-2020 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2019-15074: Notification on lock screen via Routines

Severity: Low
Affected Versions: P(9.0)
Reported on: July 11, 2019
Disclosure status: Privately disclosed.
Notification contents are shown on the lock screen via Routines.
While it is working as intended, the patch adds detailed explanation of how notification works in Routines.


SVE-2019-15816 and SVE-2019-15817: Buffer overflow in CP message decoding

Severity: Critical
Affected Versions: All devices with select Exynos modem chipsets
Reported on: October 2, 2019
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability in baseband allows arbitrary code execution.
The patch adds proper boundary check to prevent buffer overflow.


SVE-2019-15873: Arbitrary memory read/write vulnerability in Widevine Trustlet

Severity: High
Affected Versions: O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets
Reported on: October 11, 2019
Disclosure status: Privately disclosed.
A vulnerability caused by missing checks of memory address access in the Widevine trustlet allows arbitrary memory read and write from non-secure memory.
The patch adds proper range check of accessible memory.


SVE-2019-15984: Stack overflow vulnerability in Esecomm Trustlet

Severity: Critical
Affected Versions: Selected P(9.0), Q(10.0) TEEGRIS devices
Reported on: October 23, 2019
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability in Esecomm trustlet allows arbitrary code execution.
The patch adds the proper validation of the buffer length.


SVE-2019-16132: Use after free and double free in PROCA

Severity: Moderate
Affected Versions: Selected P(9.0), Q(10.0) devices
Reported on: November 12, 2019
Disclosure status: Privately disclosed.
Use-after-free and double-free vulnerabilities in PROCA allow possible arbitrary code execution.
The patch addresses the vulnerabilities in PROCA.


SVE-2019-16193: FRP Bypass through SIM card

Severity: Moderate
Affected Versions: O(8.x), P(9.0), Q(10.0)
Reported on: November 24, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with SIM card.
The patch addressed the issue.


SVE-2019-16265: Arbitrary memory write in RKP

Severity: Moderate
Affected Versions: O(8.0), P(9.0) devices with Exynos 8895 chipset
Reported on: November 25, 2019
Disclosure status: Privately disclosed.
A possible arbitrary memory write vulnerability exists in RKP.
The patch removes the vulnerable API in RKP.


SVE-2019-16293: Kernel pointer leak in vipx driver

Severity: Moderate
Affected Versions: P(9.0), Q(10.0) devices with Exynos 9610 chipset
Reported on: November 27, 2019
Disclosure status: Privately disclosed.
A kernel pointer leak vulnerability exists in vipx driver.
The patch restricts triggering of vipx driver.


SVE-2019-16294: Arbitrary kfree() in vipx and vertex driver

Severity: Moderate
Affected Versions: P(9.0), Q(10.0) devices with Exynos 9610 chipset
Reported on: November 27, 2019
Disclosure status: Privately disclosed.
A possible arbitrary kfree() vulnerability exists in vipx and vertex driver.
The patch restricts triggering of vipx and vertex driver.


SVE-2019-16295: Heap OOB write in tsmux driver

Severity: Moderate
Affected Versions: O(8.x), P(9.0), Q(10.0) devices with select S.LSI chipset
Reported on: November 27, 2019
Disclosure status: Privately disclosed.
A possible heap OOB write vulnerability exists in tsmux driver.
The patch adds proper boundary check in tsmux driver.


SVE-2019-16296: Race conditions in hdcp2 driver

Severity: Moderate
Affected Versions: O(8.x), P(9.0), Q(10.0) devices with specified S.LSI chipset
Reported on: November 27, 2019
Disclosure status: Privately disclosed.
A possible race condition vulnerability exists in hdcp2 driver.
The patch fixes incorrect implementation of hdcp2 driver to address race condition vulnerability.


SVE-2019-16333: OOB read vulnerability in media.audio_policy

Severity: Low
Affected Versions: O(8.x), P(9.x), Q(10.0)
Reported on: November 29, 2019
Disclosure status: Privately disclosed.
A possible OOB read vulnerability exists in media.audio_policy.
The patch adds the proper validation of the input value.


SVE-2019-16520: UAF in MTP

Severity: Moderate
Affected Versions: O(8.x), P(9.0), Q(10.0)
Reported on: December 14, 2019
Disclosure status: Privately disclosed.
A vulnerability caused by missing synchronization in MTP handler allows use-after-free via race condition.
The patch adds proper synchronization points to avoid all possibility of a race condition.


SVE-2019-16554: OEM unlocked in KG enrolled device

Severity: High
Affected Versions: Selected P(9.x), Q(10.x) devices
Reported on: July 26, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows turning on OEM unlock feature for KG enrolled devices in certain conditions and it enables unauthorized downloading of customized binaries.
The patch fixes the verification logic for OEM unlock features in KG enrolled devices.


SVE-2019-16614: Weakness in facial recognition

Severity: High
Affected Versions: P(9.0) Galaxy S8 and Note8 devices
Reported on: October 2, 2019
Disclosure status: Privately disclosed.
Weakness in facial recognition in specific devices results in possible false authentication.
The patch enhances facial recognition accuracy with closed eye detection and improved detection logic.


SVE-2019-16665: Update TEE to prevent arbitrary memory mapping

Severity: Critical
Affected Versions: O(8.x), P(9.0), Q(10.0) devices with Exynos 9810 chipset
Reported on: July 24, 2019
Disclosure status: Privately disclosed.
A vulnerability in TEE allows arbitrary memory mapping.
The patch restricts arbitrary memory mapping in TEE.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Andr. Ess: SVE-2019-15074
- Anonymous: SVE-2019-15816, SVE-2019-15817
- Federico Menarini: SVE-2019-15873
- Aleksandr Tarasikov: SVE-2019-15984
- Jann Horn of Google Project Zero: SVE-2019-16132
- Pasca Ioan Mircea: SVE-2019-16193
- Aristeidis Thallas of CENSUS S.A.: SVE-2019-16265
- Brandon Azad of Google Project Zero: SVE-2019-16293, SVE-2019-16294, SVE-2019-16296
- Ian Beer of Google Project Zero: SVE-2019-16295
- Jann Horn of Google Project Zero: SVE-2019-16520
- Andrea Possemato, Security Researcher @ IDEMIA: SVE-2019-16333
- Alexandre Adamski, Joffrey Guilbon, and Maxime Peterlin from Quarkslab: SVE-2019-16665

Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – January 2020 package. The Bulletin (January 2020) contains the following CVE items:

Critical
CVE-2019-2242, CVE-2019-10500, CVE-2019-10525, CVE-2019-2204, CVE-2020-0002(O8.x, P9.0)

High
CVE-2019-10513, CVE-2019-10517, CVE-2017-0510, CVE-2017-0648, CVE-2019-10487, CVE-2019-10516, CVE-2019-10607, CVE-2019-15239, CVE-2018-20961, CVE-2018-11980, CVE-2019-10480, CVE-2019-10536, CVE-2019-10537, CVE-2019-10557, CVE-2019-10595, CVE-2019-10598, CVE-2019-10600, CVE-2019-10601, CVE-2019-10605, CVE-2019-2231, CVE-2020-0001(O8.x, P9.0), CVE-2020-0003, CVE-2020-0004, CVE-2020-0006, CVE-2020-0007, CVE-2020-0008, CVE-2019-2218, CVE-2019-2208

Moderate
CVE-2020-0001(Q10.0), CVE-2020-0002(Q10.0)

Already included in previous updates
CVE-2019-2274, CVE-2019-10481, CVE-2019-2304

Not applicable to Samsung devices
CVE-2019-10482, CVE-2019-15220


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 17 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices. The Samsung security index (SSI) SMR January-2020 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.


SVE-2019-14575: Brute force attack on screen lock password

Severity: High
Affected Versions: O(8.x), P(9.0), Q(10.0) devices with Exynos7885, Exynos8895, Exynos9810 chipsets
Reported on: May 17, 2019
Disclosure status: Privately disclosed.
A vulnerable design in the Gatekeeper trustlet allows a brute force attack on the screen lock password. The previous patch caused unexpected side effects that required a fix.
The patch adds exception handling to prevent unexpected close of Gatekeeper trustlet.


SVE-2019-15872: Improper aligned size check leads to buffer overflow in secure bootloader

Severity: Critical
Affected Versions: O(8.x), P(9.0), Q(10.0) devices with Exynos chipset
Reported on: October 11, 2019
Disclosure status: Privately disclosed.
An invalid check of the USB buffer size in Secure Bootloader allows arbitrary code execution.
The patch adds proper size check logic for the USB buffer.


SVE-2019-15876: Stack overflow in the kperfmon driver

Severity: Low
Affected Versions: P(9.0), Q(10.0)
Reported on: October 11, 2019
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability exists in kperfmon driver.
The patch adds proper boundary check logic of kernel buffer length.


SVE-2019-15877: Stack overflow in display driver

Severity: Low
Affected Versions: Selected O(8.x), P(9.0), Q(10.0) devices
Reported on: October 11, 2019
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability in display driver allows arbitrary code execution.
The patch adds the proper validation of the buffer length.


SVE-2019-16010, SVE-2019-16011, SVE-2019-16012: Leakage of cached data in Gallery

Severity: Moderate
Affected Versions: P(9.0)
Reported on: October 25, 2019
Disclosure status: Privately disclosed.
A vulnerability in Gallery allows leakage of cached contents.
The patch moves the cache file to the application's sandbox.


SVE-2019-16088: Stack overflow in Baseband

Severity: Critical
Affected Versions: O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets
Reported on: November 7, 2019
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability in baseband allows arbitrary code execution.
The patch adds the proper validation of the buffer length.


SVE-2019-16161: Kernel stack address leak

Severity: Moderate
Affected Versions: O(8.x), P(9.0), Q(10.0)
Reported on: November 18, 2019
Disclosure status: Privately disclosed.
A vulnerability exposes kernel stack address to userspace.
The patch restricts the capability of the interface to prevent address exposure.


SVE-2019-16192: FRP Bypass using AppTray

Severity: Moderate
Affected Versions: P(9.0)
Reported on: November 25, 2019
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass with AppTray.
The patch addressed the issue.


SVE-2019-15816 and SVE-2019-15817: Buffer overflow in CP message decoding

Severity: Critical
Affected Versions: All devices with select Exynos modem chipsets
Reported on: October 2, 2019
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability in baseband allows arbitrary code execution.
The patch adds proper boundary check to prevent buffer overflow.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Chao Cheng Yu of TeamT5: SVE-2019-14575, SVE-2019-15872
- Jianqiang Zhao: SVE-2019-15876, SVE-2019-15877
- Andr. Ess: SVE-2019-16010, SVE-2019-16011, SVE-2019-16012
- Fluoroacetate working with Zero Day Initiative: SVE-2019-16088 (CVE-2020-8860)
- Dong-Hoon Yoo: SVE-2019-16161
- Pasca Ioan Mircea: SVE-2019-16192
- Anonymous: SVE-2019-15816, SVE-2019-15817