Go straight to the menu Go straight to the text

Android Security Updates

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can be rest assured the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.

Acknowledgements

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - February 2018 package; and Android security patch level (SPL) of February 1, 2018 includes all of these patches. The Bulletin (February 2018) contains the following CVE items:

Critical
CVE-2017-11041, CVE-2017-13228, CVE-2017-13229(L5.1, M6.x), CVE-2017-13230(L5.1, M6.x), CVE-2017-14911

High
CVE-2013-4397, CVE-2015-9191, CVE-2017-0837, CVE-2017-11010, CVE-2017-13167, CVE-2017-13215, CVE-2017-13216, CVE-2017-13230(N7.x, O8.x), CVE-2017-13231, CVE-2017-13232, CVE-2017-13233, CVE-2017-13234, CVE-2017-13235(L5.1, M6.x), CVE-2017-14906, CVE-2017-14910, CVE-2017-14912

Moderate
CVE-2017-11035, CVE-2017-11064, CVE-2017-11081, CVE-2017-13165, CVE-2017-13219, CVE-2017-13220, CVE-2017-13229(N7.x, O8.x), CVE-2017-13236, CVE-2017-13241, CVE-2017-14140, CVE-2017-14873, CVE-2017-14879, CVE-2017-15845, CVE-2017-15847, CVE-2017-15848, CVE-2017-15850, CVE-2017-9689, CVE-2017-9712

Low
None

NSI
CVE-2017-13235(N7.x, O8.x)

Already included in previous updates
CVE-2017-14913

Not applicable to Samsung devices
CVE-2017-0869, CVE-2017-11003, CVE-2017-11066, CVE-2017-11069, CVE-2017-11072, CVE-2017-11079, CVE-2017-11079, CVE-2017-11080, CVE-2017-13214, CVE-2017-13217, CVE-2017-13222, CVE-2017-13226, CVE-2017-13242, CVE-2017-14497, CVE-2017-14869, CVE-2017-14870, CVE-2017-14915, CVE-2017-15537, CVE-2017-15849, CVE-2017-9705


※ Please see Android Security Bulletin for detailed information on Google patches.

In addition, the following backlogged Device Specific CVEs are included in this SMR package:

CVE-2014-10039, CVE-2014-10043, CVE-2014-10044, CVE-2014-10045, CVE-2014-10046, CVE-2014-10047, CVE-2014-10048, CVE-2014-10050, CVE-2014-10051, CVE-2014-10052, CVE-2014-10053, CVE-2014-10054, CVE-2014-10055, CVE-2014-10056, CVE-2014-10057, CVE-2014-10058, CVE-2014-10059, CVE-2014-10062, CVE-2014-10063, CVE-2014-9971, CVE-2014-9972, CVE-2014-9976, CVE-2014-9981, CVE-2014-9985, CVE-2014-9986, CVE-2014-9987, CVE-2014-9988, CVE-2014-9989, CVE-2014-9990, CVE-2014-9991, CVE-2014-9993, CVE-2014-9994, CVE-2014-9995, CVE-2014-9996, CVE-2014-9997, CVE-2014-9998, CVE-2015-0574, CVE-2015-0576, CVE-2015-8593, CVE-2015-8594, CVE-2015-9063, CVE-2015-9064, CVE-2015-9065, CVE-2015-9066, CVE-2015-9108, CVE-2015-9109, CVE-2015-9110, CVE-2015-9111, CVE-2015-9112, CVE-2015-9113, CVE-2015-9114, CVE-2015-9115, CVE-2015-9116, CVE-2015-9118, CVE-2015-9119, CVE-2015-9120, CVE-2015-9122, CVE-2015-9123, CVE-2015-9124, CVE-2015-9126, CVE-2015-9127, CVE-2015-9128, CVE-2015-9129, CVE-2015-9130, CVE-2015-9131, CVE-2015-9132, CVE-2015-9133, CVE-2015-9134, CVE-2015-9135, CVE-2015-9136, CVE-2015-9137, CVE-2015-9138, CVE-2015-9139, CVE-2015-9140, CVE-2015-9141, CVE-2015-9142, CVE-2015-9143, CVE-2015-9144, CVE-2015-9145, CVE-2015-9146, CVE-2015-9147, CVE-2015-9148, CVE-2015-9149, CVE-2015-9150, CVE-2015-9151, CVE-2015-9152, CVE-2015-9153, CVE-2015-9156, CVE-2015-9157, CVE-2015-9158, CVE-2015-9159, CVE-2015-9160, CVE-2015-9161, CVE-2015-9162, CVE-2015-9163, CVE-2015-9164, CVE-2015-9165, CVE-2015-9166, CVE-2015-9167, CVE-2015-9169, CVE-2015-9170, CVE-2015-9171, CVE-2015-9172, CVE-2015-9173, CVE-2015-9174, CVE-2015-9175, CVE-2015-9176, CVE-2015-9177, CVE-2015-9178, CVE-2015-9179, CVE-2015-9180, CVE-2015-9181, CVE-2015-9182, CVE-2015-9183, CVE-2015-9184, CVE-2015-9185, CVE-2015-9186, CVE-2015-9187, CVE-2015-9188, CVE-2015-9189, CVE-2015-9190, CVE-2015-9191, CVE-2015-9192, CVE-2015-9193, CVE-2015-9194, CVE-2015-9195, CVE-2015-9196, CVE-2015-9197, CVE-2015-9198, CVE-2015-9199, CVE-2015-9200, CVE-2015-9201, CVE-2015-9202, CVE-2015-9203, CVE-2015-9204, CVE-2015-9205, CVE-2015-9206, CVE-2015-9207, CVE-2015-9208, CVE-2015-9209, CVE-2015-9210, CVE-2015-9211, CVE-2015-9212, CVE-2015-9213, CVE-2015-9215, CVE-2015-9216, CVE-2015-9217, CVE-2015-9218, CVE-2015-9219, CVE-2015-9220, CVE-2015-9221, CVE-2015-9222, CVE-2015-9223, CVE-2015-9224, CVE-2016-10380, CVE-2016-10381, CVE-2016-10384, CVE-2016-10385, CVE-2016-10386, CVE-2016-10387, CVE-2016-10390, CVE-2016-10392, CVE-2016-10406, CVE-2016-10407, CVE-2016-10409, CVE-2016-10410, CVE-2016-10411, CVE-2016-10412, CVE-2016-10414, CVE-2016-10415, CVE-2016-10416, CVE-2016-10417, CVE-2016-10418, CVE-2016-10419, CVE-2016-10420, CVE-2016-10421, CVE-2016-10422, CVE-2016-10423, CVE-2016-10424, CVE-2016-10425, CVE-2016-10426, CVE-2016-10427, CVE-2016-10428, CVE-2016-10429, CVE-2016-10430, CVE-2016-10431, CVE-2016-10432, CVE-2016-10433, CVE-2016-10434, CVE-2016-10435, CVE-2016-10436, CVE-2016-10437, CVE-2016-10438, CVE-2016-10439, CVE-2016-10440, CVE-2016-10441, CVE-2016-10442, CVE-2016-10443, CVE-2016-10444, CVE-2016-10445, CVE-2016-10446, CVE-2016-10447, CVE-2016-10448, CVE-2016-10449, CVE-2016-10450, CVE-2016-10451, CVE-2016-10452, CVE-2016-10454, CVE-2016-10455, CVE-2016-10456, CVE-2016-10457, CVE-2016-10458, CVE-2016-10459, CVE-2016-10460, CVE-2016-10461, CVE-2016-10462, CVE-2016-10464, CVE-2016-10466, CVE-2016-10467, CVE-2016-10469, CVE-2016-10471, CVE-2016-10472, CVE-2016-10473, CVE-2016-10474, CVE-2016-10475, CVE-2016-10476, CVE-2016-10477, CVE-2016-10478, CVE-2016-10479, CVE-2016-10480, CVE-2016-10481, CVE-2016-10482, CVE-2016-10483, CVE-2016-10484, CVE-2016-10485, CVE-2016-10486, CVE-2016-10487, CVE-2016-10489, CVE-2016-10490, CVE-2016-10491, CVE-2016-10492, CVE-2016-10493, CVE-2016-10494, CVE-2016-10495, CVE-2016-10496, CVE-2016-10497, CVE-2016-10498, CVE-2016-10499, CVE-2016-10501, CVE-2016-5348


Along with Google patches, Samsung Mobile provides 16 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Feb-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2017-10991: Heap overflow in sensorhub binder service lead to code execution in privileged process

Severity: Moderate
Affected Versions: M(6.0), N(7.x)
Reported on: November 8, 2017
Disclosure status: Privately disclosed.
Heap overflow vulnerability in sensorhub binder service can lead to code execution in privileged process.
The patch checks the size of buffer before the memcpy() to avoid heap overflow.


SVE-2017-11165: Buffer overflow in vision

Severity: High
Affected Versions: N(7.x)
Reported on: November 8, 2017
Disclosure status: Privately disclosed.
Buffer overflow vulnerability in vision service can lead to local arbitrary code execution in a privileged process when the frame size is over 2M.
The patch protects the size under enqueue frame using memcpy.


SVE-2017-10747: Code Execution and arbitrary file loading in Email

Severity: Critical
Affected Versions: M(6.0)
Reported on: Nobember 2, 2017
Disclosure status: Privately disclosed.
Vulnerability email app allows an attacker to execute javascript using event attribute and load arbitrary local file using src attribute.
The patch restricts the file scheme and javascript in event attribute.


SVE-2017-11106: App Pinning Bypass via Dex Station

Severity: Moderate
Affected Versions: N(7.x)
Reported on: December 16, 2017
Disclosure status: Privately disclosed.
Pin windows with "Use screen lock type to unpin" option allows an attacker to bypass lock screen without user authentication by changing Samsung DeX mode.
The patch protects the device using a screen lock type when turning the Samsung DeX on.


SVE-2017-10886: Code Execution in Call+

Severity: High
Affected Versions: N(7.x)
Reported on: November 2, 2017
Disclosure status: Privately disclosed.
Vulnerability in Call+ application can allow an attacker to load classes from specific path.
The applied patch removed unused vulnerable implementation.


SVE-2017-10932: Arbitrary application installation in Secure Folder

Severity: Moderate
Affected Versions: N(7.x)
Reported on: November 10, 2017
Disclosure status: Privately disclosed.
A random APK can be installed through Secure Folder SDCARD area.
The patch fixed the logic to check package signature and package name to install verified Backup and restore APK.


SVE-2017-11105: Code execution in Samsung Gallery

Severity: Low
Affected Versions: L(5.x), M(6.0), N(7.x)
Reported on: November 8, 2017
Disclosure status: Privately disclosed.
Vulnerability in Gallery allows code execution with a BMP file.
The patch fixed the parser to validate proper resolution of BMP file.


SVE-2017-10733: Stack overflow in Trustlet

Severity: Critical
Affected Versions: M(6.0) OS( Exynos devices)
Reported on: September 15, 2017
Disclosure status: Privately disclosed.
Vulnerability in Trustlet allows an attacker to obtain pin/password/pattern lock screen data with system privileges.
The patch prevents arbitrary code execution in TEE through stack overflow attack.


SVE-2017-11175: Information disclosure vulnerability in trustonic_tee structure

Severity: Low
Affected Versions: M(6.0), N(7.x), O(8.0) OS( Exynos, Qualcomm devices)
Reported on: October 02, 2017
Disclosure status: Privately disclosed.
A vulnerability allows an attacker to use an exposed kernel address for future attack scenarios.
The patch prevents format string from exposing kernel address.


SVE-2017-11174: Read after free (UAF) in get_kek

Severity: Low
Affected Versions: L(5.1), M(6.0), N(7.x)
Reported on: November 4, 2017
Disclosure status: Privately disclosed.
Assuming system privilege escalation is achieved, absence of synchronizing system in get_kek can bring out race condition and result in use after free vulnerability.
The patch activates the synchronizing system and prevents use of free problems.


SVE-2017-11176: Use after free in vnswap_deinit_backing_storage

Severity: Low
Affected Versions: L(5.x), M(6.0), N(7.x)
Reported on: November 29, 2017
Disclosure status: Privately disclosed.
Assuming root privilege escalation is achieved, absence of synchronizing system in vnswap_deinit_backing_storage can bring out race condition and result in use after free vulnerability.
The patch activates the synchronizing system and prevents use of free problems.


SVE-2017-11177: Double free in vnswap_init_backing_storage

Severity: Low
Affected Versions: L(5.x), M(6.0), N(7.x)
Reported on: October 26, 2017
Disclosure status: Privately disclosed.
Assuming root privilege escalation is achieved, there is a double free vulnerability by race condition, when more than one process executes vnswap_init_backing_storage.
The patch prevents double free issues by applying synchronization mechanism.


SVE-2017-10638: Information disclosure on Trustlet

Severity: Low
Affected Versions: L(5.X) Qualcomm models and N(7.x) Exynos models
Reported on: September 29, 2017
Disclosure status: This issue is publicly known.
A session information of trustlet is logged with user binary.
The patch prevents a trustlet log which includes session information of the trustlet.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements

We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Edward Flanker: SVE-2017-10991, SVE-2017-11165, SVE-2017-10932, SVE-2017-11105
- Michael Mosbey: SVE-2017-11106
- Takeshi Terada of MBSD: SVE-2017-10886
- Hung Chi Su of Team T5: SVE-2017-10733
- Jianqiang: SVE-2017-11175
- Yonggang Guo: SVE-2017-11174, SVE-2017-11176, SVE-2017-11177
- Daniel Komaromy: SVE-2017-10638
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This Security Update package includes patches from Google and Samsung.


The following CVE items from January 2018 Android Security Bulletin with Android security patch level (SPL) of January 1, 2018 are included in this Security Update package:

Critical
CVE-2017-11043,CVE-2017-13177, CVE-2017-13178, CVE-2017-13179, CVE-2017-13208

High
CVE-2017-13162,CVE-2017-0564, CVE-2017-7533, CVE-2017-13174, CVE-2017-14904, CVE-2017-14897,CVE-2017-14902, CVE-2017-14914, CVE-2017-11005, CVE-2017-13077,CVE-2017-13176, CVE-2017-0770, CVE-2017-13180, CVE-2017-13181, CVE-2017-13182,CVE-2017-13184, CVE-2017-0855, CVE-2017-13191, CVE-2017-13192, CVE-2017-13193, CVE-2017-13195,CVE-2017-13196, CVE-2017-13197, CVE-2017-13199, CVE-2017-13209, CVE-2017-13210,CVE-2017-13211, CVE-2017-13185(L5.1, M6.x), CVE-2017-13187(L5.1, M6.x),CVE-2017-13188(L5.1, M6.x), CVE-2017-13203(M6.x), CVE-2017-13204(M6.x),CVE-2017-13205(M6.x), CVE-2017-13186(M6.x), CVE-2017-13189(M6.0.1),CVE-2017-13190(M6.0.1), CVE-2017-13194(L5.1, M6.x), CVE-2017-13198(L5.1, M6.x)

Moderate
CVE-2017-13163,CVE-2017-15868, CVE-2017-1000380, CVE-2017-13168, CVE-2017-13169,CVE-2017-13164, CVE-2017-9708, CVE-2017-11030, CVE-2017-9703, CVE-2017-8244,CVE-2017-14901, CVE-2017-9700, CVE-2017-9722, CVE-2017-11049, CVE-2017-11047,CVE-2017-14899, CVE-2017-11044, CVE-2017-11045, CVE-2017-9710,CVE-2017-11019, CVE-2017-11016, CVE-2017-11033, CVE-2017-8281, CVE-2017-14903,CVE-2017-11031, CVE-2017-14905, CVE-2016-5341, CVE-2017-15813, CVE-2017-13201,CVE-2017-13202, CVE-2017-13206, CVE-2017-13207, CVE-2017-13185(N7.x, O8.0),CVE-2017-13187(N7.x, O8.x), CVE-2017-13188(N7.x, O8.x), CVE-2017-13203(N7.x, O8.x),CVE-2017-13204(N7.x, O8.x), CVE-2017-13205(N7.x, O8.x), CVE-2017-13200(L5.1,M6.x), CVE-2017-13212

Low
CVE-2017-13200(N7.x,O8.x)

NSI
CVE-2017-13186(N7.x,O8.x), CVE-2017-13189(N7.x, O8.x), CVE-2017-13190(N7.x, O8.x), CVE-2017-13194(N7.x,O8.x), CVE-2017-13198(N7.x, O8.x), A-68810306

Already included in previous updates
CVE-2017-14895, CVE-2017-14900

Not applicable to Samsung devices
CVE-2017-13170,CVE-2017-13171, CVE-2017-13173, CVE-2017-6262, CVE-2017-6263, CVE-2017-6276,CVE-2016-3706, CVE-2016-4429, CVE-2017-11007, CVE-2017-9716, CVE-2017-14908,CVE-2017-14909, CVE-2017-14916, CVE-2017-14917, CVE-2017-14918, CVE-2017-11006,CVE-2017-13172, CVE-2017-6280, CVE-2017-13175, CVE-2017-11042, CVE-2017-9718,CVE-2017-9698, CVE-2017-14898, CVE-2017-9709


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 13 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer's confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jan-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


Note: In response to the disclosure of Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754), Samsung is adding patch for CVE-2017-13218, which is provided by Google and effectively mitigates all three related CVE’s. Samsung security index (SSI) of SMR Jan-2018 Release MS includes patch for CVE-2017-13218, in addition to all patches in SMR Jan-2018 Release 1.


SVE-2017-10599:vnswap Heap overflow via store function

Severity: Low
Affected versions: L(5.x), M(6.x), N(7.x)
Reported on: September 10, 2017
Disclosure status: Privately disclosed.
Lack of boundary checking in vnswap can lead to arbitrary write with privilege escalation.
The patch prevents from writing arbitrary data over the limit of buffer.


SVE-2017-9995:Vulnerability in S8's InputMethodManagerService

Severity: Low
Affected versions: N(7.x)
Reported on: August 16, 2017
Disclosure status: Privately disclosed.
Device can be rebooted by calling unprotected system service.
The patch prevents a device from rebooting by checking caller’s package name,service name and uid.


SVE-2017-10732:Arbitrary code execution in bootloader via Integer overflow

Severity: Critical
Affected versions: N(7.x) on MT6755/MT6757 models (Mediatek)
Reported on: October 18, 2017
Disclosure status: Privately disclosed.
It is possible to make arbitrary code execution in Bootloader by integer overflow in download offset control.
The patch prevents integer overflow by checking the size value.


SVE-2017-10745:Buffer overflow in exynos chipset

Severity: Critical
Affected versions: All on S.LSI modem chipset
Reported on: November 3, 2017
Disclosure status: Privately disclosed.
There is a buffer overflow issue in the Exynos modem chipset and resulting in a possible baseband exploit.
The patch prevents the baseband exploit by checking the length and IEvalidation on session management module.


SVE-2017-10638:Information disclosure on Trustlet

Severity: Low
Affected versions: M(6.x), N(7.x) on Qualcomm chipsets
Reported on: September 29, 2017
Disclosure status: Privately disclosed.
A session information of trustlet is logged in user binary.
The patch prevents from printing a log which includes session information of the trustlet.


SVE-2017-10733:Stack overflow in Trustlet

Severity: Critical
Affected versions: N(7.x) on Exynos Chipsets
Reported on: September 15, 2017
Disclosure status: Privately disclosed.
A vulnerability allows an attacker to obtain pin/password/pattern lock screen data with system privileges via brute force attack.
The patch prevents arbitrary code execution in TEE using stack overflow attack.


SVE-2017-10906:System Crash via abnormal exception handling

Severity: Low
Affected versions: M(6.x), N(7.x)
Reported on: November 2, 2017
Disclosure status: Privately disclosed.
There is no proper exception handling in Telecom’s activity and it can make system crash via arbitrary calling component.
The patch applies proper exception handling to prevent system crash.


SVE-2017-10885:Sending Malicious ATCMD via DeviceTest application

Severity: Critical
Affected versions: M(6.x), N(7.x)
Reported on: November 18, 2017
Disclosure status: Privately disclosed.
Malicious AT Command can be executed with DeviceTest via NFC Tag from malicious application.
The patch prevents from executing malicious AT command in officially released binary with restriction to handle the command only in Factory binary.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements

We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Scott Bauer: SVE-2017-10599
- Yousra Aafer of Purdue University: SVE-2017-9995
- Frederic Basse : SVE-2017-10732
- Daniel Komaromy: SVE-2017-10638
- Hung Chi Su of Team T5: SVE-2017-10733
- Takeshi Terada of MBSD: SVE-2017-10885