Go straight to the menu Go straight to the text
Home>Android Security Updates>Details

Android Security Updates

2018Open selected window by year

Close selected window by year
January February March April May June July August September October November December

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can be rest assured the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.

Acknowledgements

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Dec 2018 package. The Bulletin (Dec 2018) contains the following CVE items:

Critical
CVE-2018-5912, CVE-2018-9549, CVE-2018-9550, CVE-2018-9551, CVE-2018-9552, CVE-2018-9555

High
CVE-2018-5916, CVE-2018-11996, CVE-2018-11905, CVE-2017-15818, CVE-2018-9547, CVE-2018-9548, CVE-2018-9553, CVE-2018-9538, CVE-2018-9554, CVE-2018-9557, CVE-2018-9558, CVE-2018-9559, CVE-2018-9560, CVE-2018-9562, CVE-2018-9566

Moderate
None

Low
None

NSI
None

Already included in previous updates
CVE-2017-18317, CVE-2018-5917, CVE-2018-5877, CVE-2018-5870, CVE-2018-11994, CVE-2018-11269, CVE-2017-18318, CVE-2017-18316, CVE-2016-10502, CVE-2018-9543(O8.1)

Not applicable to Samsung devices
CVE-2018-11264, CVE-2018-9556, CVE-2017-18315, CVE-2018-11995, CVE-2018-9543(N7.x, O8.0)


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 40 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Dec-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-11628: Improper access to Secure Folder

Severity: Moderate
Affected Versions: N(7.x)
Reported on: March 28, 2018
Disclosure status: Privately disclosed.
A vulnerability in Secure Folder app allow access without authentication.
The patch modifies the startup logic of the Secure Folder app to enforce authentication.


SVE-2018-12053: Malicious permission grant by Quick Tools

Severity: Moderate
Affected versions: N(7.0)
Reported on: May 25, 2018
Disclosure status: Privately disclosed.
A vulnerability allows location permission to bypass lockscreen when using the compass function in QuickTools.
The patch allows the lock state before allowing permission.


SVE-2018-12959: Race condition vulnerability in g2d driver

Severity: Moderate
Affected Versions: O(8.x), P(9.0) devices with Exynos 9810 chipset
Reported on: September 6, 2018
Disclosure status: Privately disclosed.
A vulnerability in g2d driver causes use after free race condition between threads.
The patches prevent use after free by applying synchronization mechanism.


SVE-2018-13057: Improper access to Secure Folder

Severity: Moderate
Affected Versions: O(8.x)
Reported on: September 24, 2018
Disclosure status: Privately disclosed.
A vulnerability in Secure Folder results in exposure of gallery app without authentication.
The patch fixes Secure Folder to enforce authentication when creating task of gallery.


SVE-2018-13299: Privileged code execution by Dual Messenger

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: October 22, 2018
Disclosure status: Privately disclosed.
A vulnerability allows installation of arbitrary apk to invoke unauthorized activity to Dual Messenger.
The patch restricts privilege of the app that calls Dual Messenger.


SVE-2018-13035: Information disclosure in the g2d_drv driver

Severity: Low
Affected Versions: O(8.x), P(9.0) devices with Exynos 9810 chipset
Reported on: September 17, 2018
Disclosure status: Privately disclosed.
A kernel pointer vulnerability in g2d driver allows information disclosure.
The patch fixes incorrect implementation of kernel logging.


SVE-2018-13188: Stack overflow in baseband

Severity: Critical
Affected Versions: O(8.0) devices with Exynos 9810, 8895 chipsets
Reported on: October 15, 2018
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability in baseband allows arbitrary code execution.
The patch adds length check code in the baseband.


SVE-2018-13187: Heap overflow in the baseband

Severity: Critical
Affected Versions: O(8.0) devices with Exynos 9810, 8895 chipsets
Reported on: October 15, 2018
Disclosure status: Privately disclosed.
A possible heap overflow vulnerability in baseband may cause memory issues.
The patch adds length check code in the baseband.


SVE-2018-13381: Clipboard access in lockscreen

Severity: Moderate
Affected Versions: N(7.x), O(8.x)
Reported on: November 2, 2018
Disclosure status: Privately disclosed.
A vulnerability allows access to clipboard information via copy & paste in the locked state.
The patch blocks access clipboard contents in the copy & paste popup in the lock screen.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Andrey Kunitsyn: SVE-2018-11628
- Bogdan: SVE-2018-12053, SVE-2018-13057
- Jianqiang Zhao: SVE-2018-12959, SVE-2018-13035
- Hutton Calum: SVE-2018-13299
- Andr. Ess: SVE-2018-13381
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Nov 2018 package. The Bulletin (Nov 2018) contains the following CVE items:

Critical
CVE-2018-9527, CVE-2018-9528, CVE-2018-9529, CVE-2018-9530, CVE-2018-9531, CVE-2018-9532, CVE-2018-9533, CVE-2018-9534, CVE-2018-9535, CVE-2018-9536, CVE-2018-9537

High
CVE-2018-9515, CVE-2018-9514, CVE-2018-9522, CVE-2018-9523, CVE-2018-9524, CVE-2018-9525, CVE-2018-9521, CVE-2018-9539, CVE-2018-9540, CVE-2018-9542, CVE-2018-9543, CVE-2018-9544, CVE-2018-9545, CVE-2018-9541(N7.x,O8.x)

Moderate
CVE-2018-5907, CVE-2018-11304, CVE-2018-9347, CVE-2018-9541(P9)

Low
None

NSI
None

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2018-9387, CVE-2018-9513, CVE-2017-13247, CVE-2018-9457


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 8 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Nov-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-12911: Sensitive Data Exposure via Emergency Dialer

Severity: Moderate
Affected Versions: O(8.x)
Reported on: August 27, 2018
Disclosure status: Privately disclosed.
The clipboard content can be leaked without authorization when connecting USB device.
The patch added protection to hide clipboard contents immediately when device was locked.


SVE-2018-12894: FRP bypass via voice assistant

Severity: Moderate
Affected Versions: O(8.x)
Reported on: August 27, 2018
Disclosure status: Privately disclosed.
A vulnerability allows access to Samsung Internet to install malicious application before Setup-Wizard is complete resulting in FRP lock bypass.
The fix blocks access to Samsung Internet before Setup-Wizard is complete.


SVE-2018-12925: Notification leak

Severity: High
Affected Versions: O(8.x)
Reported on: September 1, 2018
Disclosure status: Privately disclosed.
Lack of appropriate handling in “standalone Dex” mode allows unauthenticated users to see all incoming notifications and their contents even if a device is locked and configured as hiding contents.
The patch blocks heads-up notification in a locked device.


SVE-2018-12881: Arbitrary memory write with the Trustlet

Severity: Critical
Affected Versions: N(7.x), O(8.X) devices with Exynos chipset
Reported on: August 20, 2018
Disclosure status: Privately disclosed.
Assuming a vulnerability in a Trustlet, a vulnerability in secure driver allows access to sensitive APIs to potentially bypass protection measures.
The patch restricts access to sensitive APIs within secure driver.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Bogdan: SVE-2018-12911, SVE-2018-12925
- Ričards Dāvis Jansons: SVE-2018-12894
- Sanfelix, Eloi: SVE-2018-12881
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Oct 2018 package. The Bulletin (Oct 2018) contains the following CVE items:

Critical
CVE-2016-10394, CVE-2018-11950, CVE-2018-5866, CVE-2018-11824, CVE-2018-9490, CVE-2018-9473, CVE-2018-9496, CVE-2018-9497, CVE-2018-9498, CVE-2017-13283, CVE-2018-9476, CVE-2018-9504

High
CVE-2017-5754, CVE-2018-11816, CVE-2018-11898, CVE-2018-11842, CVE-2018-11836, CVE-2018-11261, CVE-2016-10408, CVE-2017-18313, CVE-2017-18312, CVE-2017-18124, CVE-2018-3588, CVE-2018-11951, CVE-2018-11952, CVE-2018-5871, CVE-2018-5914, CVE-2018-11288, CVE-2018-11292, CVE-2018-11846, CVE-2018-9491, CVE-2018-9492, CVE-2018-9493, CVE-2018-9499, CVE-2018-9501, CVE-2018-9502, CVE-2018-9503, CVE-2018-9505, CVE-2018-9506, CVE-2018-9507, CVE-2018-9508, CVE-2018-9509, CVE-2018-9510, CVE-2018-9511

Moderate
CVE-2018-5832, CVE-2018-11270, CVE-2018-9452, CVE-2018-5390, CVE-2018-5391

Low
None

NSI
None

Already included in previous updates
CVE-2018-9384, CVE-2017-18314, CVE-2017-18311, CVE-2018-11290, CVE-2018-11287, CVE-2018-11855

Not applicable to Samsung devices
CVE-2017-15825, CVE-2018-11285, CVE-2018-11857, CVE-2018-11858, CVE-2018-11866, CVE-2018-11865


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 11 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Oct-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-12852: Buffer overflow in the Trustlet

Severity: Critical
Affected Versions: N(7.x), O(8.X) devices with Exynos chipsets
Reported on: August 15, 2018
Disclosure status: Privately disclosed.
A buffer overflow vulnerability in esecomm trustlet allows an attacker to perform arbitrary code execution.
The patch adds proper validation of buffer length to prevent buffer overflow.


SVE-2018-12853: Invalid free in the Trustlet

Severity: Critical
Affected Versions: N(7.x), O(8.x) devices with Exynos chipsets
Reported on: August 15, 2018
Disclosure status: Privately disclosed.
An invalid free vulnerability in fingerprint trustlet allows an attacker to perform arbitrary code execution.
The patches deallocate the right pointer to prevent invalid free.


SVE-2018-12855: Incorrect usage of shared memory in the Trustlet

Severity: Critical
Affected Versions: N(7.x), O(8.X) devices with Exynos chipsets
Reported on: August 15, 2018
Disclosure status: Privately disclosed.
A vulnerability in vaultkeeper trustlet leaks shared memory address allowing an attacker to perform arbitrary code execution.
The patch adds proper validation of shared memory address.


SVE-2018-12684: Clipoboard access in lockscreen

Severity: Moderate
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: July 26, 2018
Disclosure status: Privately disclosed.
The clipboard content can be leaked without authorization when using physical keyboard.
The patch adds protection to hide clipboard contents immediately when device is locked.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Eloi Sanfelix: SVE-2018-12852, SVE-2018-12853, SVE-2018-12855
- Andr. Heß: SVE-2018-12684

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – Sep 2018 package. The Bulletin (Sep 2018) contains the following CVE items:

Critical  
CVE-2017-18310, CVE-2017-18305, CVE-2017-18296, CVE-2017-15817, CVE-2018-9475, CVE-2018-9478, CVE-2018-9479, CVE-2018-9411, CVE-2018-9427 

High  
CVE-2018-11258, CVE-2018-9465, CVE-2018-11260, CVE-2017-18308, CVE-2017-18301, CVE-2017-18302, CVE-2017-18300, CVE-2017-18304, CVE-2017-18298, CVE-2017-18297, CVE-2017-18293, CVE-2017-18295, CVE-2017-18303, CVE-2017-18299, CVE-2017-18282, CVE-2017-18280, CVE-2018-5383, CVE-2018-9466, CVE-2018-9467, CVE-2018-9468, CVE-2018-9469, CVE-2018-9470, CVE-2018-9471, CVE-2018-9472, CVE-2018-9474, CVE-2018-9440, CVE-2018-9456, CVE-2018-9477, CVE-2018-9480, CVE-2018-9481, CVE-2018-9482, CVE-2018-9483, CVE-2018-9484, CVE-2018-9485, CVE-2018-9486, CVE-2018-9487 

Moderate  
CVE-2017-15814, CVE-2017-15851, CVE-2017-8261, CVE-2017-9711, CVE-2018-3587, CVE-2017-18307, CVE-2017-18306, CVE-2018-1068, CVE-2018-9439, CVE-2018-5904, CVE-2018-5905, CVE-2018-5909, CVE-2018-5903, CVE-2018-5910, CVE-2018-11263, CVE-2018-5908, CVE-2017-13322, CVE-2017-13295, CVE-2018-9488 

Low
None

NSI
None

Already included in previous updates  
CVE-2017-18309, CVE-2017-18294, CVE-2017-18292, CVE-2017-18281, CVE-2017-13077 

Not applicable to Samsung devices  
CVE-2018-9406, CVE-2018-11305, CVE-2017-18283, CVE-2017-18249, CVE-2018-9464, CVE-2018-9463, CVE-2018-9462

※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 18 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Sep-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release. 


SVE-2017-11857: Buffer overflow vulnerability in ecryptfs

Severity: Low
Affected versions: M(6.0) N(7.x) O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T
Reported on: Sep 11, 2017
Disclosure status: Privately disclosed.
The vulnerability allows an attacker to cause an integer underflow.
The patch inserts logic to check the size of the variable to prevent integer underflow.


SVE-2018-11940: Rooting of device with custom image

Severity: High
Affected versions: N(7.0) devices with Qualcomm models using MSM8996 chipset
Reported on: May 12, 2017
Disclosure status: Privately disclosed.
The vulnerability allows an attacker to use a specially modified image to run scripts in INIT context.
The patch deleted all unnecessary execution commands in INIT.


SVE-2018-12053: QuickTools vulnerability

Severity: Moderate
Affected versions: O(8.x) S9 series, S8 series, S7 sereise, S6 series, Note FE, Note 8, Note 5
Reported on: May 25, 2018
Disclosure status: Privately disclosed.
The vulnerability allows location permission to bypass lockscreen when using the compass function in QuickTools.
The patch checks the lock state and allows permission.


SVE-2018-12458: Smartwatch Displaying Secure Folder Notification Contents

Severity: High
Affected versions: O(8.x)
Reported on: July 09, 2018
Disclosure status: Privately disclosed.
The vulnerability allows hidden content notifications of Secure Folder to be displayed in smartwatch.
The patches blocks notifications to smartwatches coming from Secure Folder.


SVE-2018-12757: Stack buffer overflow in Shannon Baseband

Severity: Critical
Affected versions: N(7.x) O(8.x) P(9.0) devices with Exynos chipset
Reported on: July 05, 2018
Disclosure status: Privately disclosed.
Stack buffer overflow vulnerability in Shannon Baseband components.
The applied patch adds check of length range to prevent buffer overflow.


SVE-2018-12761: Cache-attacks on AES-GCM implementation

Severity: Moderate
Affected versions: N(7.0) devices with Exynos exynos7420 chipset and O(8.0) devices with Exynos 8890/8996 chipset
Reported on: June 25, 2018
Disclosure status: Privately disclosed.
In Keymaster, AES implementations based on T-Tables are vulnerable and slow in comparison to CE(Cryptography Extension) instruction.
Keymaster is updated to use AES implementations based on CE(Cryptography Extension) instead of T-Tables, to enhance security and performance.


SVE-2018-11806: Clipboard contents visible when device is locked

Severity: Moderate
Affected versions: N(7.x) O(8.x)
Reported on: April 30, 2018
Disclosure status: Privately disclosed.
Clipboard was not disabled for emergency contact picker while the device is locked.
The patch disabled the clipboard for emergency contact picker while the phone is locked.


SVE-2018-11989, SVE-2018-11990: Keyboard learned words leak when device is locked

Severity: Moderate
Affected versions: N(7.x) O(8.x)
Reported on: May 17, 2018
Disclosure status: Privately disclosed.
Prediction clipboard was not disabled for emergency contact picker while the device is locked.
The patch disabled the prediction clipboard for emergency contact picker while the phone is locked.



Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time. 

Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products. 

- Frédéric Basse : SVE-2017-11857
- Andr Ess : SVE-2018-11806
- Bogdan : SVE-2018-11989, SVE-2018-11990, SVE-2018-12053
- Thomas Huntington : SVE-2018-11940
- Ovidiu Sirb : SVE-2018-12458
- Ben Lapid and Avishai Wool : SVE-2018-12761
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – Aug 2018 package. The Bulletin (Aug 2018) contains the following CVE items:

Critical
CVE-2018-11257, CVE-2018-9427, CVE-2018-9446, CVE-2018-9450

High
CVE-2017-18131, CVE-2018-5837, CVE-2018-9422, CVE-2018-9417, CVE-2018-6927, CVE-2018-5873, CVE-2017-18278, CVE-2017-18172, CVE-2017-18277, CVE-2017-18279, CVE-2018-9445, CVE-2018-9438, CVE-2018-9458, CVE-2018-9451, CVE-2018-9444, CVE-2018-9437(M6.x), CVE-2018-9455, CVE-2018-9436, CVE-2018-9454, CVE-2018-9448, CVE-2018-9453

Moderate
CVE-2018-9402, CVE-2018-9397, CVE-2018-9395, CVE-2018-9394, CVE-2018-9393, CVE-2018-5893, CVE-2018-9390, CVE-2017-0606, CVE-2017-1000, CVE-2018-9415, CVE-2018-3570, CVE-2018-9416, CVE-2018-1065, CVE-2018-5859, CVE-2018-5862, CVE-2018-5865, CVE-2018-5858, CVE-2018-5864, CVE-2018-9376, CVE-2018-9437(N7.x, O8.x), CVE-2017-1000100, CVE-2018-9435, CVE-2018-9449, CVE-2018-9441, CVE-2018-9447

Low
None

NSI
None

Already included in previous updates
CVE-2018-5838, CVE-2016-2108, CVE-2017-15841, CVE-2017-18276, CVE-2017-13077, CVE-2017-13078

Not applicable to Samsung devices
CVE-2018-3586, CVE-2018-11259, CVE-2018-5703, CVE-2018-5882, CVE-2018-5878, CVE-2018-5876, CVE-2018-5874, CVE-2018-5875, CVE-2018-5872, CVE-2017-18173, CVE-2017-18170, CVE-2017-18171, CVE-2017-18274, CVE-2017-18275, CVE-2017-1821, CVE-2018-7995, CVE-2018-9459, CVE-2018-9461, CVE-2018-9457, CVE-2017-13242


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 11 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Aug-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2016-6341: Security attack scenario while fake charging at public kiosk  

Severity: High
Affected Versions: N(7.1), O(8.x)
Reported on: June 12, 2018
Disclosure status: Privately disclosed.
The vulnerability allows an attacker to execute critical functions without user interaction or any permissions even when devices are locked.
The patch restricts attacker from executing some critical functions while devices are locked.


SVE-2018-11766: Secure Folder Streams content without Biometrics Authenticated

Severity: High
Affected Versions: N(7.x), O(8.x)
Reported on: April 17, 2018
Disclosure status: Privately disclosed.
When the device is connected to an external device, the gallery app in secure folder does not block the slideshow content even after secure folder is locked.
The patch is to hide the content on slideshow in gallery app to receive notification when the secure folder is locked.


SVE-2018-11792: Keymaster architecture vulnerability

Severity: Critical
Affected Versions: M(6.0), N(7.x), O(8.x) devices with Exynos chipset
Reported on: February 12, 2018
Disclosure status: Privately disclosed.
One of tlApi was not protected from unspecific trustlet.
The patch restricts access control of tlApi in TEE via access control mechanism.


SVE-2017-11816: Array overflow vulnerability in drivers input booster

Severity: Low
Affected Versions: N(7.x), O(8.x)
Reported on: November 07, 2017
Disclosure status: Privately disclosed.
The vulnerability allows an attacker to cause an array overflow.
The patch prevents array overflow by inserting logic to check the size of the index variable.


SVE-2018-11828: Buffer Overflow in Exynos Chipset

Severity: Critical
Affected Versions: M(6.0), N(7.x), O(8.x) devices with Exynos chipset
Reported on: April 28, 2018
Disclosure status: Privately disclosed.
A buffer overflow vulnerability in a function of Exynos Chipset may result in baseband exploit.
The applied patch adds check of length range to prevent buffer overflow.


SVE-2017-11855: Integer underflow vulnerability in ecryptfs function

Severity: Low
Affected Versions: M(6.0), N(7.x), O(8.x)
Reported on: Sep 11, 2017
Disclosure status: Privately disclosed.
The vulnerability allows an attacker to cause an integer underflow.
The patch prevent by inserting logic to check the size of the variable.


SVE-2018-12029: Buffer out of bounds write in WiFi Chip

Severity: Low
Affected Versions: N(7.x) models with BCM4358 Chipset
Reported on: May 21, 2018
Disclosure status: Privately disclosed.
Lack of boundary checking of a buffer in WiFi Chip can lead to memory corruption.
The patch checks buffer size and prevents buffer overflow.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products. 

- Rahul Koul: SVE-2018-11766
- Ben Lapid and Avishai Wool: SVE-2018-11792
- Yonggang Guo: SVE-2017-11816
- Frederic Basse: SVE-2017-11855
- Felicitas Hetzelt, Dokyung Song, Dipanjan Das: SVE-2018-12029
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - July 2018 package; and Android security patch level (SPL) of July 1, 2018 includes all of these patches. The Bulletin (July 2018) contains the following CVE items:

Critical
CVE-2018-9373, CVE-2018-9433, CVE-2018-9411, CVE-2018-9365

High
CVE-2017-0564, CVE-2017-13077, CVE-2018-5896, CVE-2018-9368, CVE-2017-17807, CVE-2017-17558, CVE-2017-17806, CVE-2018-9367, CVE-2018-5829, CVE-2018-5831, CVE-2018-9410, CVE-2018-9424, CVE-2018-9428, CVE-2018-9412, CVE-2018-9421, CVE-2018-9432, CVE-2018-9420, CVE-2018-9419, CVE-2018-9423(6.x), CVE-2018-5383

Moderate
CVE-2018-5827, CVE-2018-3568, CVE-2017-15857, CVE-2018-5857, CVE-2018-9389, CVE-2018-5832, CVE-2018-5895, CVE-2018-9401, CVE-2018-5897, CVE-2017-13308, CVE-2018-5898, CVE-2018-5889, CVE-2018-5890, CVE-2018-9398, CVE-2016-5342, CVE-2016-5080, CVE-2017-11088, CVE-2017-15856, CVE-2018-3564, CVE-2017-18075, CVE-2018-9383, CVE-2018-9385, CVE-2018-5836, CVE-2018-7480, CVE-2018-9377, CVE-2018-9426, CVE-2018-9429, CVE-2018-9423(7.x, 8.x), CVE-2018-9413, CVE-2018-9418, CVE-2018-9430, CVE-2018-9414, CVE-2018-9431

Low
None

NSI
None

Already included in previous updates
CVE-2017-18155, CVE-2018-5885, CVE-2018-5892, CVE-2018-5830, CVE-2018-5834, CVE-2018-3597

Not applicable to Samsung devices
CVE-2018-9363, CVE-2017-18158, CVE-2017-18158, CVE-2017-18159, CVE-2018-9364, CVE-2017-6294, CVE-2017-6292, CVE-2017-6290, CVE-2018-9369, CVE-2018-9370, CVE-2018-9371, CVE-2018-9372, CVE-2018-5854, CVE-2018-9366, CVE-2018-5891, CVE-2017-18156, CVE-2017-18157, CVE-2018-5884, CVE-2018-5894, CVE-2018-5835, CVE-2018-3569, CVE-2017-11076, CVE-2017-15824, CVE-2018-9388, CVE-2017-14872, CVE-2017-14893, CVE-2017-15824, CVE-2018-9407, CVE-2018-9408, CVE-2018-9386, CVE-2018-5887, CVE-2018-5888, CVE-2018-5899, CVE-2018-9400, CVE-2018-9396, CVE-2018-9392, CVE-2018-9391, CVE-2018-9403, CVE-2018-9404, CVE-2018-3577, CVE-2018-9409


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 9 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jul-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-11599: Buffer overflow in Trustlet

Severity: Critical
Affected Versions: M(6.0) devices with Exynos or MediaTek chipset
Reported on: March 20, 2018
Disclosure status: Privately disclosed.
Lack of boundary checking of a buffer in Trustlet can lead to memory corruption.
The patch prevents buffer overflow by confirming the size of source and destination.


SVE-2018-11600: Information disclosure in Trustlet

Severity: Moderate
Affected Versions: M(6.0)
Reported on: March 20, 2018
Disclosure status: Privately disclosed.
The vulnerability exposes the address information of Trustlet in the log.
The patch removes the problematic code.


SVE-2018-11669: Secure folder split screen bug

Severity: Moderate
Affected Versions: O(8.0)
Reported on: April 4, 2018
Disclosure status: Privately disclosed.
A vulnerability allows execution of application in Secure Folder without password.
The patch prevents showing of applications of Secure Folder in split screen when Secure Folder is locked.


SVE-2018-11852: Kernel information disclosure vulnerability in Mediatek driver function

Severity: Low
Affected Versions: N(7.x) devices with Mediatek chipsets
Reported on: September 08, 2017
Disclosure status: Privately disclosed.
The vulnerability allows an attacker to use an exposed kernel stack value for future attack scenarios.
The patch prevent the kernel stack value from exposure by initializing variables.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products. 

- Chang Uk Chung: SVE-2018-11599, SVE-2018-11600
- Suthiwat: SVE-2018-11669
- Frederic Basse: SVE-2018-11852
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - June 2018 package; and Android security patch level (SPL) of June 1, 2018 includes all of these patches. The Bulletin (June 2018) contains the following CVE items:

Critical
CVE-2018-3580, CVE-2018-9341, CVE-2018-5146, CVE-2018-9355, CVE-2018-9356

High
CVE-2017-13225, CVE-2017-16643, CVE-2018-5841, CVE-2018-5850, CVE-2017-18154, CVE-2018-3562, CVE-2018-9338, CVE-2018-9339, CVE-2017-13227, CVE-2018-9340, CVE-2018-9344, CVE-2018-9345, CVE-2018-9346, CVE-2018-9347, CVE-2018-9348, CVE-2018-9357, CVE-2018-9358, CVE-2018-9359, CVE-2018-9360, CVE-2018-9361, CVE-2018-9362, CVE-2018-9349(6.x), CVE-2018-9350(6.x), CVE-2018-9351(6.x), CVE-2018-9352(6.x), CVE-2018-9353(6.x), CVE-2018-9354(6.x)

Moderate
CVE-2017-15852, CVE-2018-5824, CVE-2017-8269, CVE-2018-5344, CVE-2017-15129, CVE-2018-5849, CVE-2018-5851, CVE-2018-5842, CVE-2018-5853, CVE-2018-5843, CVE-2018-3582, CVE-2018-3581, CVE-2018-3576, CVE-2018-3572, CVE-2018-3571, CVE-2017-18153, CVE-2017-15854, CVE-2017-15843, CVE-2017-15842, CVE-2017-15832, CVE-2017-0622, CVE-2018-5852, CVE-2018-9374, CVE-2018-9375, CVE-2018-9378, CVE-2018-9379, CVE-2018-9380, CVE-2018-9381, CVE-2018-9382, CVE-2018-9349(7.x, 8.x), CVE-2018-9350(7.x, 8.x), CVE-2018-9351(7.x, 8.x), CVE-2018-9352(7.x, 8.x), CVE-2018-9353(7.x, 8.x)

Low
None

NSI
CVE-2018-9354(7.x, 8.x)

Already included in previous updates
CVE-2018-5846, CVE-2018-5845, CVE-2018-3578, CVE-2018-3565, CVE-2017-13077, CVE-2018-5844, CVE-2018-5847, CVE-2018-3579

Not applicable to Samsung devices
CVE-2017-6289, CVE-2017-6293, CVE-2017-5715, CVE-2018-5840, CVE-2018-6254, CVE-2018-6246, CVE-2018-5848, CVE-2017-18070, CVE-2017-13230


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 3 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jun-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-11599: Buffer overflow in Trustlet

Severity: Critical
Affected Versions: N(7.X) devices with Exynos or MediaTek chipset
Reported on: March 20, 2018
Disclosure status: Privately disclosed.
Lack of boundary checking of a buffer in trustlet can lead to memory corruption.
The supplied patch prevents buffer overflow by confirming the sizes of source and destination.


SVE-2018-11600: Information disclosure in Trustlet

Severity: Moderate
Affected Versions: N(7.X)
Reported on: March 20, 2018
Disclosure status: Privately disclosed.
The vulnerability exposes the address information of Trustlet in the log.
The patch removes the problematic code.


SVE-2018-11792: Keymaster architecture vulnerability

Severity: Critical
Affected Versions: M(6.0), N(7.x), O(8.0) devices with Exynos chipset
Reported on: February 12, 2018
Disclosure status: Privately disclosed.
One of tlApi was not protected from unspecific trustlet.
The patch restricts access of tlApi in TEE via access control mechanism.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products. 

- Chang Uk Chung: SVE-2018-11599, SVE-2018-11600
- Ben Lapid and Avishai Wool: SVE-2018-11792
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - May 2018 package; and Android security patch level (SPL) of May 1, 2018 includes all of these patches. The Bulletin (May 2018) contains the following CVE items:

Critical
CVE-2017-13292, CVE-2017-18071, CVE-2017-18146, CVE-2017-18128, CVE-2018-3592, CVE-2018-3591

High
CVE-2017-5754, CVE-2018-3566, CVE-2018-3563, CVE-2017-18074, CVE-2017-18135, CVE-2017-18138, CVE-2017-18129, CVE-2017-18132, CVE-2017-18133, CVE-2017-18147, CVE-2017-18143, CVE-2018-3589, CVE-2017-13309(O8.1), CVE-2017-13310(M6.x, N7.x, O8.x), CVE-2017-13311(N7.x, O8.x), CVE-2017-13312(O8.0), CVE-2017-13313(M6.x, N7.x, O8.x), CVE-2017-13314(N7.x, O8.x), CVE-2017-13315(M6.x, N7.x, O8.x), CVE-2017-13319(M6.x), CVE-2017-13320(M6.x)

Moderate
CVE-2017-13166, CVE-2017-14896, CVE-2017-13305, CVE-2017-17449, CVE-2017-13307, CVE-2017-17712, CVE-2017-15115, CVE-2018-3598, CVE-2018-3584, CVE-2017-8269, CVE-2017-15837, CVE-2018-5825, CVE-2018-5822, CVE-2018-5821, CVE-2018-5820, CVE-2018-3599, CVE-2018-5828, CVE-2017-14890, CVE-2017-14880, CVE-2017-11075, CVE-2017-13295(M6.x, N7.x, O8.x), CVE-2017-13316(M6.x, N7.x, O8.x), CVE-2017-13317(O8.1), CVE-2017-13318(O8.1), CVE-2017-13319(N7.x, O8.x), CVE-2017-13320(N7.x, O8.x), CVE-2017-13323(M6.x, N7.x, O8.x), CVE-2017-13321(O8.x)

Low
None

NSI
None

Already included in previous updates
CVE-2017-1653, CVE-2017-13077, CVE-2017-17770, CVE-2017-15822, CVE-2017-8274, CVE-2017-18073, CVE-2017-18125, CVE-2017-18137, CVE-2017-18134, CVE-2018-3594, CVE-2018-5826, CVE-2017-15853, CVE-2018-5823, CVE-2018-3596, CVE-2018-3567, CVE-2017-15855, CVE-2017-15836, CVE-2017-14894

Not applicable to Samsung devices
CVE-2017-13161, CVE-2017-13213, CVE-2017-13221, CVE-2017-13270, CVE-2017-13271, CVE-2017-13293, CVE-2017-8275, CVE-2017-11011, CVE-2017-18136, CVE-2017-18140, CVE-2017-18142, CVE-2017-18139, CVE-2017-18072, CVE-2017-18126, CVE-2017-18144, CVE-2017-18145, CVE-2017-18130, CVE-2017-18127, CVE-2018-3590, CVE-2018-3593, CVE-2017-13303, CVE-2017-13304, CVE-2017-13306


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 7 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR May-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-11552: Bootloader not to check an integrity of specially system image

Severity: High
Affected versions: N(7.x), O(8.0) devices with MSM8998 and SDM845 chipset
Reported on: February 24, 2018
Disclosure status: Publicly disclosed.
There was a vulnerability within the verification of Qualcomm MSM8998 and SDM845 bootloader and it may allow an attacker to bypass secure boot given the attacker gains root privilege.
The patch has been applied to properly check the integrity of system image.


SVE-2018-11633: Theft of arbitrary files leading to emails and email accounts takeover

Severity: Moderate
Affected versions: M(6.0)
Reported on: February 11, 2018
Disclosure status: Privately disclosed.
This vulnerability allows an attacker to gain information of email by calling unprotected intent.
The patch sanitized files not to expose email information.


SVE-2018-11358: Out of Bounds access vulnerability in kernel driver

Severity: Low
Affected versions: M(6.0), N(7.x), O(8.0) devices with Exynos chipset
Reported on: February 19, 2018
Disclosure status: Privately disclosed.
Assuming root privilege is achieved, this vulnerability allows an attacker to gain an Out Of Bounds Read/Write leading to possible arbitrary code execution.
The patch removed the part of code related to Out Of Bounds access.


SVE-2018-11599: Buffer Overflow in Trustlet

Severity: Critical
Affected versions: O(8.0) devices with Exynos chipset
Reported on: March 20, 2018
Disclosure status: Privately disclosed.
Buffer overflow vulnerability exist in trustlet.
The patch prevented a buffer overflow by using a verified size.


SVE-2018-11600: Information disclosure on Trustlet

Severity: Moderate
Affected versions: O(8.0)
Reported on: March 20, 2018
Disclosure status: Privately disclosed.
The address information of trustlet is logged.
The patch deleted all logs related to address information of trustlet.


SVE-2017-10748: Accessing the Clipboard content using Edge panel(Clipboard Edge) without unlocking the Phone

Severity: High
Affected versions: N(7.x), O (8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8)
Reported on: October 27, 2017
Disclosure status: Privately disclosed.
The clipboard edge content can be leaked with attackers without any of user authentication.
The patch adds protection to hide clipboard contents immediately when device is locked.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products. 

- Chang Uk Chung: SVE-2018-11599, SVE-2018-11600
- Toshin Sergey: SVE-2018-11633
- National Cyber Security Centre: SVE-2018-11358
- Vijay Balaganesan: SVE-2017-10748
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - April 2018 package; and Android security patch level (SPL) of April 1, 2018 includes all of these patches. The Bulletin (April 2018) contains the following CVE items:

Critical
CVE-2017-13276, CVE-2017-13277, CVE-2017-13281(O8.x), CVE-2017-13282(N7.x, O8.x), CVE-2017-13283(N7.x, O8.x), CVE-2017-13267, CVE-2017-13284

High
CVE-2017-16530, CVE-2017-16525, CVE-2017-16535, CVE-2017-16533, CVE-2017-16531, CVE-2017-16529, CVE-2017-18056, CVE-2017-18063, CVE-2017-18064, CVE-2017-15821, CVE-2017-14882, CVE-2017-14878, CVE-2017-13274, CVE-2017-13275(O8.x), CVE-2017-13278, CVE-2017-13279, CVE-2017-13280, CVE-2017-13285, CVE-2017-13286(O8.x), CVE-2017-13287(M6.0.1, N7.x, O8.x), CVE-2017-13288(O8.x), CVE-2017-13289, CVE-2017-13290, CVE-2017-13291(N7.x,O8.x), CVE-2017-13300(M6.x), CVE-2017-13296(M6.x), CVE-2017-13297(M6.x), CVE-2017-13298(M6.x), CVE-2017-13299(M6.x)

Moderate
CVE-2017-14875, CVE-2017-16527, CVE-2017-15649, CVE-2017-1000111, CVE-2017-18066, CVE-2017-18062, CVE-2018-3561, CVE-2018-3560, CVE-2017-15834, CVE-2017-15833, CVE-2017-15831, CVE-2017-15830, CVE-2017-14887, CVE-2017-14879, CVE-2017-11082, CVE-2017-11074, CVE-2017-15855, CVE-2017-13263(O8.x), CVE-2017-13296(N7.x, O8.x), CVE-2017-13297(N7.x, O8.x), CVE-2017-13298(N7.x, O8.x), CVE-2017-13301(O8.0), CVE-2017-13302(O8.0)

Low
None

NSI
CVE-2017-13299(N7.x, O8.x)

Already included in previous updates
CVE-2017-18067, CVE-2017-18068, CVE-2017-14885, CVE-2017-18050, CVE-2017-18054, CVE-2017-18055, CVE-2017-18065, CVE-2017-14889, CVE-2017-18052, CVE-2017-18057, CVE-2017-18059, CVE-2017-18060, CVE-2017-18051, CVE-2017-18053, CVE-2017-18058

Not applicable to Samsung devices
CVE-2017-14876, CVE-2017-6281, CVE-2017-6286, CVE-2017-15815, CVE-2017-18069, CVE-2017-17773, CVE-2016-10393, CVE-2017-6287, CVE-2017-6285, CVE-2017-6288, CVE-2017-18061, CVE-2017-13294


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 8 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Apr-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2017-10638: Information disclosure on Trustlet

Severity: Low
Affected versions: M(6.x) on Exynos and Qualcomm chipsets
Reported on: Sept 29, 2017
Disclosure status: Publicly disclosed.
A session information of Trustlet remains in the debug log.
The patch removed the information from the debug log.


SVE-2017-10886: Code Execution in Call+

Severity: High
Affected versions: N(7.x), O(8.x)
Reported on: November 2, 2017
Disclosure status: Privately disclosed.
There is a vulnerable implementation in Call+ application which can load classes from specific path.
The applied patch removed unused vulnerable implementation.


SVE-2017-10987: Information disclosure on Secure Driver

Severity: Moderate
Affected versions: N(7.x) on Exynos8890/8895 models
Reported on: September 29, 2017
Disclosure status: Publicly disclosed
The secure driver doesn’t check a modified trustlet which can cause to expose KASLR offset, resulting in possible information disclosure.
The patch limited an unauthorized access based on the whitelist to prevent illegal use.


SVE-2017-11107: Clipboard contents disclosure

Severity: High
Affected versions: M(6.0), N(7.x), O(8.x)
Reported on: October 24, 2017
Disclosure status: Privately disclosed.
The vulnerability leaks the clipboard contents via keyboard in emergency call when the screen is locked.
The applied patch removed clipboard button in the keyboard when then screen is locked.


SVE-2018-11463: Buffer Overflow in OMACP WbXml String Extension Processing

Severity: Moderate
Affected versions: M(6.0), N(7.x)
Reported on: February 22, 2018
Disclosure status: Privately disclosed.
A malformed OMACP WAP push message can cause integer overflow and memory corruption when processing the string extension portion of the WbXml payload.
The patch confirmed the range of integer and discarded the malformed OMACP message.


SVE-2018-11469: Placing video calls, running SS and USSD codes without permissions

Severity: Moderate
Affected versions: M(6.0), N(7.x), O(8.0)
Reported on: February 22, 2018
Disclosure status: Privately disclosed.
There is an unprotected component in Contacts application which can place video call, and run SS(Supplementary Service) and USSD(Unstructured Supplementary Service Data) codes without permission.
The applied patch protected the component.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Daniel Komaromy: SVE-2017-10638, SVE-2017-10987
- Takeshi Terada: SVE-2017-10886
- Vijay Balaganesan: SVE-2017-11107
- Natalie Silvanovich: SVE-2018-11463
- Pedro Umbelino: SVE-2018-11469
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - March 2018 package; and Android security patch level (SPL) of March 1, 2018 includes all of these patches. The Bulletin (March 2018) contains the following CVE items:

Critical
CVE-2017-13248, CVE-2017-13249, CVE-2017-13250, CVE-2017-13251, CVE-2017-13255, CVE-2017-13256, CVE-2017-13266, CVE-2017-13272, CVE-2017-15817

High
CVE-2014-10054, CVE-2016-10460, CVE-2016-10461, CVE-2017-11041, CVE-2017-13252, CVE-2017-13253, CVE-2017-13254(L5.1, M6.x), CVE-2017-13257, CVE-2017-13258, CVE-2017-13259, CVE-2017-13260, CVE-2017-13261, CVE-2017-13262, CVE-2017-13264(M6.x), CVE-2017-13273, CVE-2017-14884, CVE-2017-15265, CVE-2017-15820, CVE-2017-15829, CVE-2017-15862, CVE-2017-17767

Moderate
CVE-2017-1000405, CVE-2017-11043, CVE-2017-11087, CVE-2017-13239, CVE-2017-13240, CVE-2017-13243, CVE-2017-13245, CVE-2017-13246, CVE-2017-13268, CVE-2017-13269, CVE-2017-14877, CVE-2017-14881, CVE-2017-14891, CVE-2017-14892, CVE-2017-15826, CVE-2017-15846, CVE-2017-15859, CVE-2017-17769, CVE-2017-17771

Low
None

NSI
CVE-2017-13254(N7.x, O8.x), CVE-2017-13264(N7.x, O8.x)

Already included in previous updates
CVE-2017-13265, CVE-2017-15860, CVE-2015-9016

Not applicable to Samsung devices
CVE-2017-13238, CVE-2017-13244, CVE-2017-13247, CVE-2017-14883, CVE-2017-15823, CVE-2017-15861, CVE-2017-17764, CVE-2017-17765, CVE-2017-17766, CVE-2017-6258, CVE-2017-6279, CVE-2017-9723


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 5 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Mar-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2017-10993: Kernel pointer leak in USB gadget driver

Severity: Moderate
Affected Versions: L(5.x), M(6.0), N(7.x), O(8.0)
Reported on: September 15, 2017
Disclosure status: Privately disclosed.
A vulnerability in USB gadget driver allows kernel pointer leakeage.
The applied patch modified incorrect implementation of kernel logging.


SVE-2017-10897: NFC activated by magnet

Severity: Low
Affected Versions: N(7.x)
Reported on: September 14, 2017
Disclosure status: Privately disclosed.
A vulnerability allows NFC activation to bypass lockscreen when a magnet is brought close to a specific point of device.
The patch disables NFC activation in such event.


SVE-2017-10748: Accessing the Clipboard content using Edge panel

Severity: High
Affected Versions: N(7.x) (Edge)
Reported on: October 27, 2017
Disclosure status: Privately disclosed.
The clipboard edge allows attackers to access device information without user authentication for a short period after locking screen once.
The patch protects contents of clipboard using a screen lock type when turning the Clipboard Edge on.


SVE-2017-11018: Dual Messenger use permission without user agreement

Severity: Moderate
Affected Versions: N(7.x) (Dual Messenger)
Reported on: November 19, 2017
Disclosure status: Privately disclosed.
A vulnerability in DualMessenger feature allows the second app of messenger app to use the runtime permission of the first messenger app without user's consent.
The patch fixes this vulnerability.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Frederic Basse: SVE-2017-10993
- SHAWN NEBLETT: SVE-2017-10897<br>
- Vijay Balaganesan: SVE-2017-10748
- Bogdan : SVE-2017-11018
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - February 2018 package; and Android security patch level (SPL) of February 1, 2018 includes all of these patches. The Bulletin (February 2018) contains the following CVE items:

Critical
CVE-2017-11041, CVE-2017-13228, CVE-2017-13229(L5.1, M6.x), CVE-2017-13230(L5.1, M6.x), CVE-2017-14911

High
CVE-2013-4397, CVE-2015-9191, CVE-2017-0837, CVE-2017-11010, CVE-2017-13167, CVE-2017-13215, CVE-2017-13216, CVE-2017-13230(N7.x, O8.x), CVE-2017-13231, CVE-2017-13232, CVE-2017-13233, CVE-2017-13234, CVE-2017-13235(L5.1, M6.x), CVE-2017-14906, CVE-2017-14910, CVE-2017-14912

Moderate
CVE-2017-11035, CVE-2017-11064, CVE-2017-11081, CVE-2017-13165, CVE-2017-13219, CVE-2017-13220, CVE-2017-13229(N7.x, O8.x), CVE-2017-13236, CVE-2017-13241, CVE-2017-14140, CVE-2017-14873, CVE-2017-14879, CVE-2017-15845, CVE-2017-15847, CVE-2017-15848, CVE-2017-15850, CVE-2017-9689, CVE-2017-9712

Low
None

NSI
CVE-2017-13235(N7.x, O8.x)

Already included in previous updates
CVE-2017-14913

Not applicable to Samsung devices
CVE-2017-0869, CVE-2017-11003, CVE-2017-11066, CVE-2017-11069, CVE-2017-11072, CVE-2017-11079, CVE-2017-11079, CVE-2017-11080, CVE-2017-13214, CVE-2017-13217, CVE-2017-13222, CVE-2017-13226, CVE-2017-13242, CVE-2017-14497, CVE-2017-14869, CVE-2017-14870, CVE-2017-14915, CVE-2017-15537, CVE-2017-15849, CVE-2017-9705


※ Please see Android Security Bulletin for detailed information on Google patches.

In addition, the following backlogged Device Specific CVEs are included in this SMR package:

CVE-2014-10039, CVE-2014-10043, CVE-2014-10044, CVE-2014-10045, CVE-2014-10046, CVE-2014-10047, CVE-2014-10048, CVE-2014-10050, CVE-2014-10051, CVE-2014-10052, CVE-2014-10053, CVE-2014-10054, CVE-2014-10055, CVE-2014-10056, CVE-2014-10057, CVE-2014-10058, CVE-2014-10059, CVE-2014-10062, CVE-2014-10063, CVE-2014-9971, CVE-2014-9972, CVE-2014-9976, CVE-2014-9981, CVE-2014-9985, CVE-2014-9986, CVE-2014-9987, CVE-2014-9988, CVE-2014-9989, CVE-2014-9990, CVE-2014-9991, CVE-2014-9993, CVE-2014-9994, CVE-2014-9995, CVE-2014-9996, CVE-2014-9997, CVE-2014-9998, CVE-2015-0574, CVE-2015-0576, CVE-2015-8593, CVE-2015-8594, CVE-2015-9063, CVE-2015-9064, CVE-2015-9065, CVE-2015-9066, CVE-2015-9108, CVE-2015-9109, CVE-2015-9110, CVE-2015-9111, CVE-2015-9112, CVE-2015-9113, CVE-2015-9114, CVE-2015-9115, CVE-2015-9116, CVE-2015-9118, CVE-2015-9119, CVE-2015-9120, CVE-2015-9122, CVE-2015-9123, CVE-2015-9124, CVE-2015-9126, CVE-2015-9127, CVE-2015-9128, CVE-2015-9129, CVE-2015-9130, CVE-2015-9131, CVE-2015-9132, CVE-2015-9133, CVE-2015-9134, CVE-2015-9135, CVE-2015-9136, CVE-2015-9137, CVE-2015-9138, CVE-2015-9139, CVE-2015-9140, CVE-2015-9141, CVE-2015-9142, CVE-2015-9143, CVE-2015-9144, CVE-2015-9145, CVE-2015-9146, CVE-2015-9147, CVE-2015-9148, CVE-2015-9149, CVE-2015-9150, CVE-2015-9151, CVE-2015-9152, CVE-2015-9153, CVE-2015-9156, CVE-2015-9157, CVE-2015-9158, CVE-2015-9159, CVE-2015-9160, CVE-2015-9161, CVE-2015-9162, CVE-2015-9163, CVE-2015-9164, CVE-2015-9165, CVE-2015-9166, CVE-2015-9167, CVE-2015-9169, CVE-2015-9170, CVE-2015-9171, CVE-2015-9172, CVE-2015-9173, CVE-2015-9174, CVE-2015-9175, CVE-2015-9176, CVE-2015-9177, CVE-2015-9178, CVE-2015-9179, CVE-2015-9180, CVE-2015-9181, CVE-2015-9182, CVE-2015-9183, CVE-2015-9184, CVE-2015-9185, CVE-2015-9186, CVE-2015-9187, CVE-2015-9188, CVE-2015-9189, CVE-2015-9190, CVE-2015-9191, CVE-2015-9192, CVE-2015-9193, CVE-2015-9194, CVE-2015-9195, CVE-2015-9196, CVE-2015-9197, CVE-2015-9198, CVE-2015-9199, CVE-2015-9200, CVE-2015-9201, CVE-2015-9202, CVE-2015-9203, CVE-2015-9204, CVE-2015-9205, CVE-2015-9206, CVE-2015-9207, CVE-2015-9208, CVE-2015-9209, CVE-2015-9210, CVE-2015-9211, CVE-2015-9212, CVE-2015-9213, CVE-2015-9215, CVE-2015-9216, CVE-2015-9217, CVE-2015-9218, CVE-2015-9219, CVE-2015-9220, CVE-2015-9221, CVE-2015-9222, CVE-2015-9223, CVE-2015-9224, CVE-2016-10380, CVE-2016-10381, CVE-2016-10384, CVE-2016-10385, CVE-2016-10386, CVE-2016-10387, CVE-2016-10390, CVE-2016-10392, CVE-2016-10406, CVE-2016-10407, CVE-2016-10409, CVE-2016-10410, CVE-2016-10411, CVE-2016-10412, CVE-2016-10414, CVE-2016-10415, CVE-2016-10416, CVE-2016-10417, CVE-2016-10418, CVE-2016-10419, CVE-2016-10420, CVE-2016-10421, CVE-2016-10422, CVE-2016-10423, CVE-2016-10424, CVE-2016-10425, CVE-2016-10426, CVE-2016-10427, CVE-2016-10428, CVE-2016-10429, CVE-2016-10430, CVE-2016-10431, CVE-2016-10432, CVE-2016-10433, CVE-2016-10434, CVE-2016-10435, CVE-2016-10436, CVE-2016-10437, CVE-2016-10438, CVE-2016-10439, CVE-2016-10440, CVE-2016-10441, CVE-2016-10442, CVE-2016-10443, CVE-2016-10444, CVE-2016-10445, CVE-2016-10446, CVE-2016-10447, CVE-2016-10448, CVE-2016-10449, CVE-2016-10450, CVE-2016-10451, CVE-2016-10452, CVE-2016-10454, CVE-2016-10455, CVE-2016-10456, CVE-2016-10457, CVE-2016-10458, CVE-2016-10459, CVE-2016-10460, CVE-2016-10461, CVE-2016-10462, CVE-2016-10464, CVE-2016-10466, CVE-2016-10467, CVE-2016-10469, CVE-2016-10471, CVE-2016-10472, CVE-2016-10473, CVE-2016-10474, CVE-2016-10475, CVE-2016-10476, CVE-2016-10477, CVE-2016-10478, CVE-2016-10479, CVE-2016-10480, CVE-2016-10481, CVE-2016-10482, CVE-2016-10483, CVE-2016-10484, CVE-2016-10485, CVE-2016-10486, CVE-2016-10487, CVE-2016-10489, CVE-2016-10490, CVE-2016-10491, CVE-2016-10492, CVE-2016-10493, CVE-2016-10494, CVE-2016-10495, CVE-2016-10496, CVE-2016-10497, CVE-2016-10498, CVE-2016-10499, CVE-2016-10501, CVE-2016-5348


Along with Google patches, Samsung Mobile provides 16 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Feb-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2017-10991: Heap overflow in sensorhub binder service lead to code execution in privileged process

Severity: Moderate
Affected Versions: M(6.0), N(7.x)
Reported on: November 8, 2017
Disclosure status: Privately disclosed.
Heap overflow vulnerability in sensorhub binder service can lead to code execution in privileged process.
The patch checks the size of buffer before the memcpy() to avoid heap overflow.


SVE-2017-11165: Buffer overflow in vision

Severity: High
Affected Versions: N(7.x)
Reported on: November 8, 2017
Disclosure status: Privately disclosed.
Buffer overflow vulnerability in vision service can lead to local arbitrary code execution in a privileged process when the frame size is over 2M.
The patch protects the size under enqueue frame using memcpy.


SVE-2017-10747: Code Execution and arbitrary file loading in Email

Severity: Critical
Affected Versions: M(6.0)
Reported on: Nobember 2, 2017
Disclosure status: Privately disclosed.
Vulnerability email app allows an attacker to execute javascript using event attribute and load arbitrary local file using src attribute.
The patch restricts the file scheme and javascript in event attribute.


SVE-2017-11106: App Pinning Bypass via Dex Station

Severity: Moderate
Affected Versions: N(7.x)
Reported on: December 16, 2017
Disclosure status: Privately disclosed.
Pin windows with "Use screen lock type to unpin" option allows an attacker to bypass lock screen without user authentication by changing Samsung DeX mode.
The patch protects the device using a screen lock type when turning the Samsung DeX on.


SVE-2017-10932: Arbitrary application installation in Secure Folder

Severity: Moderate
Affected Versions: N(7.x)
Reported on: November 10, 2017
Disclosure status: Privately disclosed.
A random APK can be installed through Secure Folder SDCARD area.
The patch fixed the logic to check package signature and package name to install verified Backup and restore APK.


SVE-2017-11105: Code execution in Samsung Gallery

Severity: Low
Affected Versions: L(5.x), M(6.0), N(7.x)
Reported on: November 8, 2017
Disclosure status: Privately disclosed.
Vulnerability in Gallery allows code execution with a BMP file.
The patch fixed the parser to validate proper resolution of BMP file.


SVE-2017-10733: Stack overflow in Trustlet

Severity: Critical
Affected Versions: M(6.0) OS( Exynos devices)
Reported on: September 15, 2017
Disclosure status: Privately disclosed.
Vulnerability in Trustlet allows an attacker to obtain pin/password/pattern lock screen data with system privileges.
The patch prevents arbitrary code execution in TEE through stack overflow attack.


SVE-2017-11175: Information disclosure vulnerability in trustonic_tee structure

Severity: Low
Affected Versions: M(6.0), N(7.x), O(8.0) OS( Exynos, Qualcomm devices)
Reported on: October 02, 2017
Disclosure status: Privately disclosed.
A vulnerability allows an attacker to use an exposed kernel address for future attack scenarios.
The patch prevents format string from exposing kernel address.


SVE-2017-11174: Read after free (UAF) in get_kek

Severity: Low
Affected Versions: L(5.1), M(6.0), N(7.x)
Reported on: November 4, 2017
Disclosure status: Privately disclosed.
Assuming system privilege escalation is achieved, absence of synchronizing system in get_kek can bring out race condition and result in use after free vulnerability.
The patch activates the synchronizing system and prevents use of free problems.


SVE-2017-11176: Use after free in vnswap_deinit_backing_storage

Severity: Low
Affected Versions: L(5.x), M(6.0), N(7.x)
Reported on: November 29, 2017
Disclosure status: Privately disclosed.
Assuming root privilege escalation is achieved, absence of synchronizing system in vnswap_deinit_backing_storage can bring out race condition and result in use after free vulnerability.
The patch activates the synchronizing system and prevents use of free problems.


SVE-2017-11177: Double free in vnswap_init_backing_storage

Severity: Low
Affected Versions: L(5.x), M(6.0), N(7.x)
Reported on: October 26, 2017
Disclosure status: Privately disclosed.
Assuming root privilege escalation is achieved, there is a double free vulnerability by race condition, when more than one process executes vnswap_init_backing_storage.
The patch prevents double free issues by applying synchronization mechanism.


SVE-2017-10638: Information disclosure on Trustlet

Severity: Low
Affected Versions: L(5.X) Qualcomm models and N(7.x) Exynos models
Reported on: September 29, 2017
Disclosure status: This issue is publicly known.
A session information of trustlet is logged with user binary.
The patch prevents a trustlet log which includes session information of the trustlet.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products. 

- Edward Flanker: SVE-2017-10991, SVE-2017-11165, SVE-2017-10932, SVE-2017-11105
- Michael Mosbey: SVE-2017-11106
- Hung Chi Su of Team T5: SVE-2017-10733
- Jianqiang: SVE-2017-11175
- Yonggang Guo: SVE-2017-11174, SVE-2017-11176, SVE-2017-11177
- Daniel Komaromy: SVE-2017-10638
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This Security Update package includes patches from Google and Samsung.


The following CVE items from January 2018 Android Security Bulletin with Android security patch level (SPL) of January 1, 2018 are included in this Security Update package:

Critical
CVE-2017-11043,CVE-2017-13177, CVE-2017-13178, CVE-2017-13179, CVE-2017-13208

High
CVE-2017-13162,CVE-2017-0564, CVE-2017-7533, CVE-2017-13174, CVE-2017-14904, CVE-2017-14897,CVE-2017-14902, CVE-2017-14914, CVE-2017-11005, CVE-2017-13077,CVE-2017-13176, CVE-2017-0770, CVE-2017-13180, CVE-2017-13181, CVE-2017-13182,CVE-2017-13184, CVE-2017-0855, CVE-2017-13191, CVE-2017-13192, CVE-2017-13193, CVE-2017-13195,CVE-2017-13196, CVE-2017-13197, CVE-2017-13199, CVE-2017-13209, CVE-2017-13210,CVE-2017-13211, CVE-2017-13185(L5.1, M6.x), CVE-2017-13187(L5.1, M6.x),CVE-2017-13188(L5.1, M6.x), CVE-2017-13203(M6.x), CVE-2017-13204(M6.x),CVE-2017-13205(M6.x), CVE-2017-13186(M6.x), CVE-2017-13189(M6.0.1),CVE-2017-13190(M6.0.1), CVE-2017-13194(L5.1, M6.x), CVE-2017-13198(L5.1, M6.x)

Moderate
CVE-2017-13163,CVE-2017-15868, CVE-2017-1000380, CVE-2017-13168, CVE-2017-13169,CVE-2017-13164, CVE-2017-9708, CVE-2017-11030, CVE-2017-9703, CVE-2017-8244,CVE-2017-14901, CVE-2017-9700, CVE-2017-9722, CVE-2017-11049, CVE-2017-11047,CVE-2017-14899, CVE-2017-11044, CVE-2017-11045, CVE-2017-9710,CVE-2017-11019, CVE-2017-11016, CVE-2017-11033, CVE-2017-8281, CVE-2017-14903,CVE-2017-11031, CVE-2017-14905, CVE-2016-5341, CVE-2017-15813, CVE-2017-13201,CVE-2017-13202, CVE-2017-13206, CVE-2017-13207, CVE-2017-13185(N7.x, O8.0),CVE-2017-13187(N7.x, O8.x), CVE-2017-13188(N7.x, O8.x), CVE-2017-13203(N7.x, O8.x),CVE-2017-13204(N7.x, O8.x), CVE-2017-13205(N7.x, O8.x), CVE-2017-13200(L5.1,M6.x), CVE-2017-13212

Low
CVE-2017-13200(N7.x,O8.x)

NSI
CVE-2017-13186(N7.x,O8.x), CVE-2017-13189(N7.x, O8.x), CVE-2017-13190(N7.x, O8.x), CVE-2017-13194(N7.x,O8.x), CVE-2017-13198(N7.x, O8.x), A-68810306

Already included in previous updates
CVE-2017-14895, CVE-2017-14900

Not applicable to Samsung devices
CVE-2017-13170,CVE-2017-13171, CVE-2017-13173, CVE-2017-6262, CVE-2017-6263, CVE-2017-6276,CVE-2016-3706, CVE-2016-4429, CVE-2017-11007, CVE-2017-9716, CVE-2017-14908,CVE-2017-14909, CVE-2017-14916, CVE-2017-14917, CVE-2017-14918, CVE-2017-11006,CVE-2017-13172, CVE-2017-6280, CVE-2017-13175, CVE-2017-11042, CVE-2017-9718,CVE-2017-9698, CVE-2017-14898, CVE-2017-9709


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 13 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer's confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jan-2018 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


Note: In response to the disclosure of Meltdown and Spectre vulnerabilities (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754), Samsung is adding patch for CVE-2017-13218, which is provided by Google and effectively mitigates all three related CVE’s. Samsung security index (SSI) of SMR Jan-2018 Release MS includes patch for CVE-2017-13218, in addition to all patches in SMR Jan-2018 Release 1.


SVE-2017-10599:vnswap Heap overflow via store function

Severity: Low
Affected versions: L(5.x), M(6.x), N(7.x)
Reported on: September 10, 2017
Disclosure status: Privately disclosed.
Lack of boundary checking in vnswap can lead to arbitrary write with privilege escalation.
The patch prevents from writing arbitrary data over the limit of buffer.


SVE-2017-9995:Vulnerability in S8's InputMethodManagerService

Severity: Low
Affected versions: N(7.x)
Reported on: August 16, 2017
Disclosure status: Privately disclosed.
Device can be rebooted by calling unprotected system service.
The patch prevents a device from rebooting by checking caller’s package name,service name and uid.


SVE-2017-10732:Arbitrary code execution in bootloader via Integer overflow

Severity: Critical
Affected versions: N(7.x) on MT6755/MT6757 models (Mediatek)
Reported on: October 18, 2017
Disclosure status: Privately disclosed.
It is possible to make arbitrary code execution in Bootloader by integer overflow in download offset control.
The patch prevents integer overflow by checking the size value.


SVE-2017-10745:Buffer overflow in exynos chipset

Severity: Critical
Affected versions: All on S.LSI modem chipset
Reported on: November 3, 2017
Disclosure status: Privately disclosed.
There is a buffer overflow issue in the Exynos modem chipset and resulting in a possible baseband exploit.
The patch prevents the baseband exploit by checking the length and IEvalidation on session management module.


SVE-2017-10638:Information disclosure on Trustlet

Severity: Low
Affected versions: M(6.x), N(7.x) on Qualcomm chipsets
Reported on: September 29, 2017
Disclosure status: Privately disclosed.
A session information of trustlet is logged in user binary.
The patch prevents from printing a log which includes session information of the trustlet.


SVE-2017-10733:Stack overflow in Trustlet

Severity: Critical
Affected versions: N(7.x) on Exynos Chipsets
Reported on: September 15, 2017
Disclosure status: Privately disclosed.
A vulnerability allows an attacker to obtain pin/password/pattern lock screen data with system privileges via brute force attack.
The patch prevents arbitrary code execution in TEE using stack overflow attack.


SVE-2017-10906:System Crash via abnormal exception handling

Severity: Low
Affected versions: M(6.x), N(7.x)
Reported on: November 2, 2017
Disclosure status: Privately disclosed.
There is no proper exception handling in Telecom’s activity and it can make system crash via arbitrary calling component.
The patch applies proper exception handling to prevent system crash.


SVE-2017-10885:Sending Malicious ATCMD via DeviceTest application

Severity: Critical
Affected versions: M(6.x), N(7.x)
Reported on: November 18, 2017
Disclosure status: Privately disclosed.
Malicious AT Command can be executed with DeviceTest via NFC Tag from malicious application.
The patch prevents from executing malicious AT command in officially released binary with restriction to handle the command only in Factory binary.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products. 

- Scott Bauer: SVE-2017-10599
- Yousra Aafer of Purdue University: SVE-2017-9995
- Frédéric Basse : SVE-2017-10732
- Daniel Komaromy: SVE-2017-10638
- Hung Chi Su of Team T5: SVE-2017-10733
- Takeshi Terada of MBSD: SVE-2017-10885