Go straight to the menu Go straight to the text

Android Security Updates

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can be rest assured the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.

Acknowledgements

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - August 2019 package. The Bulletin (August 2019) contains the following CVE items:

Critical
CVE-2019-2254, CVE-2019-2330, CVE-2019-2308, CVE-2019-2130, CVE-2017-13177, CVE-2019-10539, CVE-2019-10540

High
CVE-2019-2235, CVE-2019-2326, CVE-2019-2307, CVE-2019-2328, CVE-2019-2276, CVE-2019-2305, CVE-2019-2120, CVE-2019-2121, CVE-2019-2122, CVE-2019-2126, CVE-2019-2128, CVE-2019-2129, CVE-2019-2131, CVE-2019-2132, CVE-2019-2133, CVE-2019-2134, CVE-2019-2135, CVE-2019-2136, CVE-2019-2137, CVE-2017-13279, CVE-2019-2294, CVE-2019-10538

Moderate
CVE-2019-2125, CVE-2018-9350

Already included in previous updates
CVE-2019-2239, CVE-2019-2240, CVE-2019-2241, CVE-2019-2236

Not applicable to Samsung devices
CVE-2019-2237, CVE-2019-2238, CVE-2019-2334, CVE-2019-2327, CVE-2019-2346, CVE-2019-2253, CVE-2019-2322, CVE-2019-2278


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 25 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR August-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2019-13805: S Secure App Lock vulnerability

Severity: Low
Affected Versions: P(9.0) devices released in China and India
Reported on: January 9, 2019
Disclosure status: Privately disclosed.
A vulnerability in “S Secure” app, which is only released in China and India, allows users to access the content of “locked” app without password.
The patch addresses the issue.


SVE-2019-14059, SVE-2019-14685: Local SQL Injection in RCS Content Provider

Severity: Moderate
Affected Versions: N(7.x) O(8.x) P(9.0)
Reported on: February 28, 2019
Disclosure status: Privately disclosed.
Third-party apps are able to perform arbitrary SQL queries via injection vector in RCS content provider.
The patch prevents SQL injection.


SVE-2019-14061: Local SQL Injection in Wi-Fi history Content Provider

Severity: Low
Affected Versions: N(7.x) O(8.x) P(9.0)
Reported on: February 28, 2019
Disclosure status: Privately disclosed.
Third-party apps are able to perform arbitrary SQL queries via injection vector Wi-Fi history content provider.
The patch prevents SQL injection.


SVE-2019-14204: Vulnerability in the handshake of WPA3

Severity: Moderate
Affected Versions: P(9.0)
Reported on: March 29, 2019
Disclosure status: Privately disclosed.
This vulnerability may weaken WPA3 security protection due to gaps in the implementation of the WPA3 specification to allow potential downgrade and/or dictionary attack.
The patch addresses the issue.


SVE-2019-14365: Exported and SQLi vulnerable MemorySaver Content Provider

Severity: Moderate
Affected Versions: P(9.0)
Reported on: April 26, 2019
Disclosure status: Privately disclosed.
A vulnerability in MemorySaver allows access to content provider database from unprivileged process.
The patch adds the permission of the content provider.


SVE-2019-14372: SMMU page fault in MALI GPU Driver

Severity: Low
Affected Versions: P(9.0) devices with Exynos chipsets
Reported on: April 29, 2019
Disclosure status: Privately disclosed.
An invalid address mapping in AFBC buffer allows corruption of memory resulting in kernel panic.
The patch modifies to map the address properly.


SVE-2019-14412: Buffer overflow Vulnerability when loading UH Partition

Severity: Low
Affected Versions: P(9.0) devices with Exynos 9820 chipset
Reported on: July 17, 2019
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability in secure boot allows arbitrary memory issues.
The patch adds size check logic and integrity check logic in secure boot code.


SVE-2019-14462: Gallery Bug of Location information settings

Severity: Low
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: May 12, 2019
Disclosure status: Privately disclosed.
A vulnerability in Gallery results in acceptance of T&C for Location information sharing without secure lock screen authentication.
The patch modifies the lock state check logic to enforce authentication in the T&C for Gallery Location information sharing.


SVE-2019-14651, SVE-2019-14666: Arbitrary memory overwrite and stack overflow in SEM Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with Exynos chipsets
Reported on: July 17, 2019
Disclosure status: Privately disclosed.
A possible arbitrary memory overwrite and stack overflow vulnerabilities in SEM Trustlet allows arbitrary code execution.
The patch adds size check logic of wsm data in SEM Trustlet.


SVE-2019-14653: Secure Folder Motion photo bug

Severity: Moderate
Affected Versions: P(9.0)
Reported on: May 25, 2019
Disclosure status: Privately disclosed.
A vulnerability in Motion photo player allows access to image information protected by Secure folder on normal state.
The patch integrates the layer of Motion photo player with Gallery layer on recent app view.


SVE-2019-14665: Stack overflow in HDCP Trustlet

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: May 27, 2019
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability in HDCP Trustlet allows potential arbitrary code execution.
The patch adds proper check of input data in trustlet.


SVE-2019-14764: Arbitrary file create with system-app privilege

Severity: Moderate
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: June 7, 2019
Disclosure status: Privately disclosed.
A vulnerability in FotaAgent allows creating privileged files without proper permission from unprivileged process.
The patch adds proper permission check on FotaAgent to address the vulnerability.


SVE-2019-14837: Use after free in ion driver

Severity: High
Affected Versions: O(8.x), P(9.0) devices with Exynos9810 chipsets
Reported on: June 13, 2019
Disclosure status: Privately disclosed.
A possible use after free vulnerability exists in ion driver.
The patch removes vulnerable logic in ion driver.


SVE-2019-14847: Missing Param Type check in EXT_FR Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 14, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in EXT_FR Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14850: Missing Param Type check in HDCP Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 16, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in HDCP Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14851: Missing Param Type check in SEC_FR Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 16, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in SEC_FR Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14864: Missing Param Type check in FINGERPRINT Trustlet

Severity: Critical
Affected Versions: O(8.1), P(9.0) devices with TEEGRIS
Reported on: June 18, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in FINGERPRINT Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14867: Missing Param Type check in MLDAP Trustlet

Severity: Critical
Affected Versions: O(8.1), P(9.0) devices with TEEGRIS
Reported on: June 18, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in MLDAP Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14885: Missing Param Type check in WVDRM Trustlet

Severity: Critical
Affected Versions: P(9.0) devices with TEEGRIS
Reported on: June 20, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in WVDRM Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14891: Missing Param Type check in SEM Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 21, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in SEM Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.


SVE-2019-14892: Missing Param Type check in SKPM Trustlet

Severity: Critical
Affected Versions: O(8.x), P(9.0) devices with TEEGRIS
Reported on: June 21, 2019
Disclosure status: Privately disclosed.
A lack of check for param type in SKPM Trustlet with TEEGRIS allows arbitrary code execution.
The patch adds proper check of param type.



Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Niraj Khatiwada: SVE-2019-13805
- Calum Hutton: SVE-2019-14059, SVE-2019-14061
- Vanhoef, Mathy: SVE-2019-14204
- Julien Thomas: SVE-2019-14365, SVE-2019-14685
- Aleksandr Tarasikov: SVE-2019-14372, SVE-2019-14412
- Bogdan: SVE-2019-14462, SVE-2019-14653
- Hung Chi Su of TeamT5: SVE-2019-14651, SVE-2019-14666, SVE-2019-14891
- Chao Cheng Yu of TeamT5: SVE-2019-14665
- Che-Yang Wu of TeamT5: SVE-2019-14847, SVE-2019-14850, SVE-2019-14851, SVE-2019-14864, SVE-2019-14867, SVE-2019-14885, SVE-2019-14892
- Edward Flanker: SVE-2019-14764
- Nicolas Brito: SVE-2019-14837
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - July 2019 package. The Bulletin (July 2019) contains the following CVE items:

Critical
CVE-2019-2279, CVE-2019-2252, CVE-2019-2287, CVE-2018-13927, CVE-2018-13924, CVE-2019-2269, CVE-2019-2106, CVE-2019-2107, CVE-2019-2109, CVE-2019-2111

High
CVE-2019-2101, CVE-2018-13896, CVE-2019-2261, CVE-2019-2260, CVE-2019-2292, CVE-2018-9526, CVE-2019-2104, CVE-2019-2105, CVE-2019-2112, CVE-2019-2113, CVE-2019-2116, CVE-2019-2117, CVE-2019-2118, CVE-2019-2119

Moderate
None

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2019-6496, CVE-2019-2243


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 13 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR July-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2019-13952: Integer underflow in Secure Storage Trustlet

Severity: High
Affected Versions: O(8.0) devices with Qualcomm SDM660 chipset
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
A possible invalid input check vulnerability exists in Secure Storage trustlet allowing a potential integer underflow.
The patch adds size check logic in the Trustlet.


SVE-2019-14058: Local SQL Injection in Gear VR Service Content Provider

Severity: Moderate
Affected Versions: N(7.x) O(8.x) P(9.0)
Reported on: February 28, 2019
Disclosure status: Privately disclosed.
Third-party apps are able to perform arbitrary SQL queries via injection vector under the context of the app hosting the content provider.
The patch prevents SQL query strings using parameterized bound variables to mitigate injection.


SVE-2019-14062: Local SQL Injection in Story Video Editor Content Provider

Severity: High
Affected Versions: N(7.x) O(8.x) P(9.0)
Reported on: February 28, 2019
Disclosure status: Privately disclosed.
Third-party apps are able to perform arbitrary SQL queries via injection vector under the context of the app hosting the content provider.
The patch prevents SQL query strings using parameterized bound variables to mitigate injection.


SVE-2019-14208: Leaking Private Mode thumbnail contents

Severity: Moderate
Affected Versions: Select N(7.x), O(8.x) devices
Reported on: April 1, 2019
Disclosure status: Privately disclosed.
A vulnerability in Gallery allows leaking of contents in Private Mode even when Private Mode is disabled.
The patch moves the cache file to the application's sandbox.


SVE-2019-14371: Memory Overflow in Bootloader

Severity: Critical
Affected Versions: O(8.1), P(9.0) devices with Exynos chipsets
Reported on: April 29, 2019
Disclosure status: Privately disclosed.
A heap overflow vulnerability in bootloader can lead to memory issues.
The patch adds length check code in the bootloader.


SVE-2019-14545: Bluetooth on/off without permission

Severity: Low
Affected Versions: P(9.0)
Reported on: May 15, 2019
Disclosure status: Privately disclosed.
A vulnerability in Quick Panel allows turning on or turning off of Bluetooth without authentication in the secure lock screen state.
The patch modifies the lock state check logic to enforce authentication in Bluetooth Quick Panel.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Slava Makkaveev of Check Point: SVE-2019-13952
- Calum Hutton: SVE-2019-14058, SVE-2018-14062
- Andr. Heß: SVE-2019-14208, SVE-2019-14545
- Aleksandr Tarasikov: SVE-2019-14371
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - June 2019 package. The Bulletin (June 2019) contains the following CVE items:

Critical
CVE-2019-2256, CVE-2018-5912, CVE-2018-13898, CVE-2019-2255, CVE-2019-2093, CVE-2019-2094, CVE-2019-2095, CVE-2019-2097

High
CVE-2019-2257, CVE-2018-13906, CVE-2018-13908, CVE-2018-13907, CVE-2018-13902, CVE-2018-13910, CVE-2018-13909, CVE-2018-13911, CVE-2018-13919, CVE-2018-5913, CVE-2019-2259, CVE-2018-11955, CVE-2019-2090, CVE-2019-2091, CVE-2019-2092, CVE-2019-2096, CVE-2019-2102, CVE-2019-2098, CVE-2019-2099

Moderate
CVE-2019-2054

Already included in previous updates
CVE-2018-19860

Not applicable to Samsung devices
CVE-2018-13901, CVE-2018-6243


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 11 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR June-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2019-13958: Information disclosure in GateKeeper Trustlet

Severity: High
Affected Versions: N(7.x), O(8.x) devices with Exynos chipsets
Reported on: February 6, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability in Gatekeeper Trustlet allows information disclosure, and it can lead to memory leak.
The patch adds the proper input validation in Gatekeeper Trustlet.


SVE-2019-13952: Integer underflow in Secure Storage Trustlet

Severity: High
Affected Versions: O(8.x), P(9.0) devices with Qualcomm chipsets
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
A possible invalid input check vulnerability exists in Secure Storage Trustlet.
The patch adds size check logic in the Trustlet.


SVE-2019-14170: Information Leak from SPENgesture Service

Severity: Moderate
Affected Versions: N(7.1), O(8.x), P(9.0)
Reported on: March 21, 2019
Disclosure status: Privately disclosed.
A vulnerability in SPENgesture allows unprivileged applications to obtain and modify user input logs.
The patch adds signature check of the caller.


SVE-2019-14550: Use of insecure HTTP link in Galaxy store

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.x)
Reported on: April 9, 2019
Disclosure status: Privately disclosed.
Selected apps in Galaxy store sends request URL to check update availability over HTTP allowing an adversary Man-in-the-Middle (MitM) attack to download arbitrary apps.
The patch fixes the app update checking URL to HTTPS.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Akimov Andrei Valerievich: SVE-2019-13958
- Slava Makkaveev of Check Point: SVE-2019-13952
- Yousra Aafer of University of Waterloo: SVE-2019-14170
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - May 2019 package. The Bulletin (May 2019) contains the following CVE items:

Critical
CVE-2018-13886, CVE-2018-11271, CVE-2018-11940, CVE-2019-2044, CVE-2019-2045, CVE-2019-2046, CVE-2019-2047

High
CVE-2018-11299, CVE-2018-11828, CVE-2018-11870, CVE-2018-11859, CVE-2018-11872, CVE-2018-11884, CVE-2018-11873, CVE-2018-11853, CVE-2018-11871, CVE-2018-11880, CVE-2018-11822, CVE-2018-11861, CVE-2018-11877, CVE-2018-11850, CVE-2018-11849, CVE-2018-11874, CVE-2018-11821, CVE-2018-11875, CVE-2018-11856, CVE-2018-11867, CVE-2018-11882, CVE-2018-11854, CVE-2018-11862, CVE-2018-11904(A-111125111, A-111126462, A-111126531, A-111127063, A-111127792, A-111127854, A-111127907, A-111127908, A-111127947, A-111127970, A-111127971, A-111127985, A-111127986, A-111127988, A-111128007, A-111128243, A-111128419, A-111128479, A-111128619, A-111128638, A-111128639, A-111128836, A-111128839, A-111128875, A-111129383), CVE-2018-11851, CVE-2018-11840, CVE-2018-11902, CVE-2018-11826, CVE-2018-11894, CVE-2018-11860, CVE-2018-11868, CVE-2018-11827, CVE-2018-11891, CVE-2018-11869, CVE-2018-11897, CVE-2018-11895, CVE-2018-11923, CVE-2018-11927, CVE-2018-11953, CVE-2018-11937, CVE-2018-11925, CVE-2018-11924, CVE-2018-11949, CVE-2018-11930, CVE-2018-11928, CVE-2018-11968, CVE-2018-12005, CVE-2018-13885, CVE-2018-11967(A-119052960), CVE-2017-17772, CVE-2018-5855, CVE-2019-2041, CVE-2019-2049, CVE-2019-2050, CVE-2019-2051, CVE-2019-2052, CVE-2019-2053

Moderate
CVE-2018-11819, CVE-2016-2428, CVE-2019-2043

Already included in previous updates
CVE-2018-12004, CVE-2018-11976, CVE-2018-12013, CVE-2018-12012, CVE-2018-13887, CVE-2018-11294, CVE-2018-11876, CVE-2018-11967(A-119049704), CVE-2018-13920

Not applicable to Samsung devices
CVE-2019-2250, CVE-2018-11291, CVE-2018-11879, CVE-2018-11904(A-111125545, A-111127791, A-111127873, A-111127906, A-111127909, A-111127972, A-111127987, A-111128008, A-111128009, A-111128242, A-111128245, A-111128576, A-111128577, A-111128616, A-111128617, A-111128636, A-111128796, A-111128835, A-111128837, A-111129693), CVE-2018-11889, CVE-2018-11878, CVE-2018-11905, CVE-2018-11936, CVE-2018-13925, CVE-2019-2244, CVE-2018-13895, CVE-2019-2245


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 21 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR May-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-12896, SVE-2018-12897: Keyboard learned words and clipboard contents are leaked on the lock screen via Bixby

Severity: Moderate
Affected Versions: Selected O(8.x) devices
Reported on: September 26, 2018
Disclosure status: Privately disclosed.
This vulnerability allows access to keyboard learned words and clipboard contents via Bixby.
The patch removes options for showing learned words and editing text from the keyboard while the devices are locked.


SVE-2018-13326: Vulnerability of secured notifications when using Voice Assistant

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.0) devices
Reported on: October 25, 2018
Disclosure status: Privately disclosed.
When the voice assistant is turned on, the secured app’s notification content becomes audible outside of container.
The patch modifies the voice assistant not to notify the secured app’s notifications.


SVE-2019-13958: Information disclosure in GateKeeper Trustlet

Severity: High
Affected Versions: P(9.0) devices with Exynos chipsets
Reported on: February 6, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability in Gatekeeper Trustlet allows information disclosure, and it can lead to memory leak.
The patch adds the proper input validation in Gatekeeper Trustlet.


SVE-2019-13921-1: A use-after-free vulnerability exists within the MALI GPU driver

Severity: High
Affected Versions: O(8.0), P(9.0) devices with Exynos8890 chipset
Reported on: January 31, 2019
Disclosure status: Privately disclosed.
A vulnerability in MALI GPU driver allows arbitrary kernel read/write.
The patch removes vulnerable logic in MALI GPU driver.


SVE-2019-13921-2: RKP Memory Corruption

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos7570, 7580, 7870, 7880, 8890 chipsets
Reported on: January 31, 2019
Disclosure status: Privately disclosed.
A vulnerability in RKP allows arbitrary write to protected memory.
The patch fixes memory mapping logic in RKP.


SVE-2019-13949: NULL dereference in Authnr Trustlet

Severity: Low
Affected Versions: N(7.x), O(8.0), P(9.0) devices with Qualcomm chipsets
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability in Authnr Trustlet allows null pointer dereference leading to a possible crash.
The patch adds the proper input validation in Authnr Trustlet.


SVE-2019-13950: NULL dereference in ESECOMM Trustlet

Severity: Low
Affected Versions: N(7.x), O(8.0), P(9.0) devices with Qualcomm chipsets
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability in ESECOMM Trustlet allows null pointer dereference leading to a possible crash.
The patch adds the proper input validation in ESECOMM Trustlet.


SVE-2019-13952: Integer Underflow in Secure Storage Trustlet

Severity: High
Affected Versions: O(8.x), P(9.0) devices with Qualcomm(MSM8998, SDM845, SM8150) chipsets
Reported on: February 4, 2019
Disclosure status: Privately disclosed.
An invalid input check vulnerability exists in Secure Storage Trustlet.
The patch adds the proper input validation in Secure Storage Trustlet.


SVE-2019-14008: Security issue in Secure Folder

Severity: Moderate
Affected Versions: O(8.x), P(9.0) devices
Reported on: February 11, 2019
Disclosure status: Privately disclosed.
A vulnerability allows access to Secure folder without authentication via adb command.
The patch blocks access to Secure folder via adb command while Secure folder is locked.


SVE-2019-14031: Gallery Security Issue

Severity: Low
Affected Versions: O(8.x) devices
Reported on: February 23, 2019
Disclosure status: Privately disclosed.
A vulnerability disables Gallery application permanently.
The patch addresses the issue.


SVE-2019-14071: Remote memory overflow in Shannon modem

Severity: Critical
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: March 2, 2019
Disclosure status: Privately disclosed.
A heap overflow vulnerability in baseband can lead to memory issues.
The patch adds length check code in the baseband code.


SVE-2019-14073: Potential Phishing Flow in OMACP

Severity: High
Affected Versions: All devices with all OS versions
Reported on: March 4, 2019
Disclosure status: Privately disclosed.
A vulnerability in OMACP application allows attackers to send manipulated OMCP message to change the network and internet settings in the device via phishing campaigns.
The patch blocks devices from receiving insecure OMACP message.


SVE-2019-14126: Heap overflow in the keymaster Trustlet

Severity: Critical
Affected Versions: N(7.x) O(8.x) P(9.0) devices with MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, Exynos8895 chipset
Reported on: March 13, 2019
Disclosure status: Privately disclosed.
A heap overflow in the keymaster Trustlet allows attackers to write memory in TEE, and it can lead to arbitrary code execution in a privileged process.
The patch adds boundary checks in Keymaster Trustlet.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Bogdan: SVE-2018-12896, SVE-2018-12897
- Aleksandr Ruiz: SVE-2018-13326
- Andrei Akimov of Digital Security: SVE-2019-13958, SVE-2019-14126
- Gruskovnjak Jordan: SVE-2019-13921
- Slava Makkaveev of Check Point: SVE-2019-13949, SVE-2019-13950, SVE-2019-13952 
- James Dean working with Zero Day Initiative: SVE-2019-14008
- Julian Jackson: SVE-2019-14031
- Artyom Skrobov of Check Point: SVE-2019-14073
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Apr 2019 package. The Bulletin (Apr 2019) contains the following CVE items:

Critical
CVE-2018-11817, CVE-2018-11958, CVE-2019-2027, CVE-2019-2028, CVE-2019-2029

High
CVE-2018-11970, CVE-2018-11966, CVE-2018-11971, CVE-2018-10879, CVE-2019-2025, CVE-2018-10883, CVE-2018-13899, CVE-2018-13917, CVE-2019-2023, CVE-2019-2003, CVE-2019-2026, CVE-2019-2030, CVE-2019-2031, CVE-2019-2032, CVE-2019-2033, CVE-2019-2034, CVE-2019-2035, CVE-2019-2037, CVE-2019-2038, CVE-2019-2039, CVE-2019-2040

Moderate
None

Already included in previous updates
CVE-2018-13918, CVE-2017-8252(A-79419898, A-79420414)

Not applicable to Samsung devices
CVE-2019-2024, CVE-2017-8252(A-112277630, A-112279542, A-114041175)


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 15 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Apr-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-13164, SVE-2018-13165: Change of protected features without authentication via Emergency mode

Severity: Moderate
Affected Versions: N(7.x), O(8.x), P(9.0) devices
Reported on: October 9, 2018
Disclosure status: Privately disclosed.
Improper startup procedure in Emergency mode allows unauthorized users to accept Emergency mode EULA instead of the device owner and disable some protected features without any prior authentication.
The patch adds authentication procedure before it starts Emergency mode.


SVE-2019-13899: Smartwatch bug

Severity: High
Affected Versions: P(9.0) devices
Reported on: January 25, 2019
Disclosure status: Privately disclosed.
A vulnerability in Secure Folder allows to show the Secure Folder notification content in smartwatch.
The patch adds the notification ID check and reject if it comes from Secure Folder.


SVE-2019-13910: Arbitrary code execution in Trustlet

Severity: Critical
Affected Versions: N(7.X), O(8.X) devices with Exynos 7570, 7870, 7880, 7885, 8890, 8895, 9810 chipsets
Reported on: January 29, 2019
Disclosure status: Privately disclosed.
Double-fetch vulnerability in Trustlet allows arbitrary code execution in the TEE.
The patch addresses the double-fetch vulnerability in the Trustlet.


SVE-2019-13963: Stack overflow in Baseband

Severity: Critical
Affected Versions: N(7.x), O(8.x), Go(8.1), P(9.0), Go(9.0) devices with Exynos chipsets
Reported on: February 5, 2019
Disclosure status: Privately disclosed.
A stack overflow vulnerability in baseband allows arbitrary code execution.
The patch adds length check code in the baseband code.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.
- Andr. Ess : SVE-2018-13164, SVE-2018-13156
- Bogdan: SVE-2019-13899
- Eloi Sanfelix : SVE-2019-13910
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Mar 2019 package. The Bulletin (Mar 2019) contains the following CVE items:

Critical
CVE-2018-11262, CVE-2018-11289, CVE-2018-11820, CVE-2018-11938, CVE-2018-11945, CVE-2019-1989, CVE-2019-1990, CVE-2019-2009

High
CVE-2018-10879, CVE-2019-1999, CVE-2019-2000, CVE-2019-2001, CVE-2018-11280, CVE-2018-13900, CVE-2018-13905, CVE-2018-11268, CVE-2018-11845, CVE-2018-11864, CVE-2018-11921, CVE-2018-11931, CVE-2018-11932, CVE-2018-11935, CVE-2018-11948, CVE-2018-5839, CVE-2018-13904, CVE-2018-20346, CVE-2019-1985, CVE-2019-2004, CVE-2019-2006, CVE-2019-2007, CVE-2019-2008, CVE-2019-2010, CVE-2019-2011, CVE-2019-2012, CVE-2019-2013, CVE-2019-2014, CVE-2019-2015, CVE-2019-2016, CVE-2019-2017, CVE-2019-2018, CVE-2018-9561, CVE-2018-9563, CVE-2018-9564, CVE-2019-2019, CVE-2019-2020, CVE-2019-2021, CVE-2019-2022

Moderate
CVE-2019-2005

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2018-6271, CVE-2018-6267, CVE-2018-6268, CVE-2016-6684, CVE-2018-11275


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 11 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Mar-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-13162: TCP SYN Packet Denial of Service Vulnerability on the WIFI interface

Severity: High
Affected Versions: N(7.x), O(8.x) devices with Broadcom WIFI and SEC WIFI chipsets
Reported on: October 9, 2018
Disclosure status: Privately disclosed.
A vulnerability in WIFI allows denial of service due to memory exhaustion from TCP SYN flooding attack.
The patch prevents memory exhaustion when TCP SYN flooding attack is detected.


SVE-2018-13452: Time based SQL injection in Contacts

Severity: High
Affected versions: N(7.x), O(8.x) devices
Reported on: November 11, 2018
Disclosure status: Privately disclosed.
A possible time-based SQL injection vulnerability in Contacts application allows unauthorized access to contact information.
The patch adds placeholder to prevent SQL injection in Contacts application.


SVE-2018-13453: Unauthorized access to sensitive information in Allshare

Severity: High
Affected Versions: N(7.x), O(8.x), P(9.0) devices
Reported on: November 11, 2018
Disclosure status: Privately disclosed.
A vulnerability in Allshare fileshare service allows unauthorized access to device sensitive information.
The patch modifies the storage path of device information to sandboxed area for protection.


SVE-2018-13467: Heap Overflow in Baseband(SS ASN Decoding)

Severity: Critical
Affected versions: O(8.x) devices with Exynos chipsets
Reported on: November 13, 2018
Disclosure status: Privately disclosed.
A possible heap overflow vulnerability in baseband allows arbitrary code execution.
The patch adds length check code in the baseband.


SVE-2018-13547: FRP bypass using SVoice T&C

Severity: Low
Affected Versions: N(7.x), O(8.x) devices
Reported on: November 21, 2018
Disclosure status: Privately disclosed.
External link exposure in SVoice T&C allows Factory Reset Protection (FRP) bypass.
The patch prevents access to the specific link by removing the URL in T&C.


SVE-2018-13563: Leakage of private mode content’s thumbnail

Severity: Moderate
Affected versions: Selected N(7.x), O(8.x) devices which supports Private Mode
Reported on: November 27, 2018
Disclosure status: Privately disclosed.
A vulnerability in Gallery leaks Private Mode thumbnail contents.
The patch modifies handling of cache file to disabled access to Private Mode.


SVE-2018-13764: Preview exposure of Secure Folder

Severity: Moderate
Affected versions: P(9.0) devices
Reported on: December 28, 2018
Disclosure status: Privately disclosed.
A vulnerability in Secure Folder allows exposure of preview in recent apps.
The patch fixes Secure Folder to protect preview in recent apps.


SVE-2018-13765: Unpinning of app without authentication

Severity: Moderate
Affected versions: P(9.0) devices
Reported on: December 28, 2018
Disclosure status: Privately disclosed.
A vulnerability in Pin Window feature allows unpinning of app without authentication.
The patch fixes Pin Window to enforce authentication when unpinning app.


SVE-2019-13773: Secure startup bug

Severity: Moderate
Affected versions: P(9.0) devices
Reported on: January 3, 2019
Disclosure status: Privately disclosed.
A vulnerability in Secure Startup feature allows exposure of keyboard suggested words.
The patch blocks Samsung Keyboard from showing suggested words in the Secure Startup.


SVE-2019-13814, SVE-2019-13815: Security setting modifications without authentication

Severity: High
Affected versions: P(9.0) devices
Reported on: January 12, 2019
Disclosure status: Privately disclosed.
A vulnerability in Settings allows security settings modifications without authentication via certain unprivileged activities.
The patch fixes Settings to protect component from unprivileged activities.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Jelmer de Hen: SVE-2018-13452
- Pholwongsa, Voottisak: SVE-2018-13547
- Andr. Ess: SVE-2018-13453, SVE-2018-13563
- Bogdan: SVE-2018-13764, SVE-2018-13765, SVE-2019-13773, SVE-2019-13814, SVE-2019-13815
- Pierre Barre and Chaouki Kasmi from DarkMatter: SVE-2018-13162
- Fluoroacetate working with Zero Day Initiative: SVE-2018-13467
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Feb 2019 package. The Bulletin (Feb 2019) contains the following CVE items:

Critical
CVE-2019-1986, CVE-2019-1987, CVE-2019-1988, CVE-2019-1991, CVE-2019-1992

High
CVE-2018-13405, CVE-2018-10876, CVE-2018-10877, CVE-2018-10882, CVE-2018-18281, CVE-2018-12014, CVE-2017-17760, CVE-2018-5268, CVE-2018-5269, CVE-2019-1993, CVE-2019-1994, CVE-2019-1996, CVE-2019-1997, CVE-2019-1998

Moderate
CVE-2017-18009

Already included in previous updates
CVE-2018-11847, CVE-2018-17182, CVE-2018-11888, CVE-2018-11962, CVE-2018-13889

Not applicable to Samsung devices
CVE-2018-10880, CVE-2018-6241, CVE-2018-13888, CVE-2019-1995


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 12 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Feb-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-13187: Heap overflow in Baseband

Severity: Critical
Affected Versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: October 15, 2018
Disclosure status: Privately disclosed.
A possible heap overflow vulnerability in baseband may cause memory issues.
The patch adds length check code in the baseband.


SVE-2018-13188: Stack overflow in Baseband

Severity: Critical
Affected versions: N(7.x), O(8.x), P(9.0) devices with Exynos chipsets
Reported on: October 15, 2018
Disclosure status: Privately disclosed.
A possible stack overflow vulnerability in baseband allows arbitrary code execution.
The patch adds length check code in the baseband.


SVE-2018-13060: Possible uninitialized memory disclosure in Gallery

Severity: Low
Affected Versions: N(7.1), O(8.x), P(9.0) devices
Reported on: September 26, 2018
Disclosure status: Privately disclosed.
A vulnerability in the library that parses the images exposes memory when opening images via Gallery app.
The patch addresses the memory exposure in Gallery app.


SVE-2018-12981: Keyboard learned words are leaked on the lock screen via S-Voice

Severity: Moderate
Affected versions: N(7.x), O(8.x) devices
Reported on: September 9, 2018
Disclosure status: Privately disclosed.
A vulnerability in Keyboard allows access to learned words via S-Voice in the locked state.
The patch blocks access to Keyboard’s learned words in the lock screen.


SVE-2018-13427: Information disclosure in the ion debugfs driver

Severity: Low
Affected Versions: N(7.1), O(8.x) devices with Exynos chipsets
Reported on: November 5, 2018
Disclosure status: Privately disclosed.
A possible information leak vulnerability exists in the ion debugfs driver.
The patch prevents output of kernel driver in the kernel log.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Belchenko Artem: SVE-2018-13060
- Bogdan: SVE-2018-12981
- Jianqiang Zhao: SVE-2018-13427
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin - Jan 2019 package. The Bulletin (Jan 2019) contains the following CVE items:

Critical
CVE-2018-11279, CVE-2017-8248, CVE-2018-9583

High
CVE-2017-18160, CVE-2018-9568, CVE-2018-11963,CVE-2018-11960, CVE-2018-9565, CVE-2017-18329, CVE-2017-18326, CVE-2017-18321,CVE-2017-18323,CVE-2017-18324,CVE-2017-18332,CVE-2017-18319,CVE-2017-18322,CVE-2017-18328, CVE-2018-5915,CVE-2018-9582,CVE-2018-9584,CVE-2018-9585,CVE-2018-9586,CVE-2018-9587,CVE-2018-9588,CVE-2018-9589,CVE-2018-9590,CVE-2018-9591,CVE-2018-9592,CVE-2018-9593,CVE-2018-9594

Moderate
None

Already included in previous updates
CVE-2018-11267, CVE-2018-11961, CVE-2018-10840, CVE-2018-5869, CVE-2017-18320, CVE-2017-11004, CVE-2017-18141, CVE-2017-8276, CVE-2018-3595, CVE-2017-18330, CVE-2018-11999, CVE-2018-5868, CVE-2018-5867, CVE-2017-18331, CVE-2017-18327, CVE-2017-5754, CVE-2018-5913

Not applicable to Samsung devices
CVE-2018-11922, CVE-2018-9567


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 4 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jan-2019 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2018-13162: TCP SYN Packet Denial Of Service Vulnerability on the WIFI interface

Severity: High
Affected Versions: N(7.0), O(8.x) devices with Exynos9810 chipset
Reported on: October 9, 2018
Disclosure status: Privately disclosed.
A vulnerability in WIFI allows denial of service due to memory exhaustion from TCP SYN flooding attack.
The patch prevents memory exhaustion when TCP SYN flooding attack is detected.


SVE-2018-13467: Heap Overflow in Baseband (SS ASN Decoding)

Severity: Critical
Affected versions: O(8.x) devices with Exynos9810 chipset
Reported on: November 13, 2018
Disclosure status: Privately disclosed.
A possible heap overflow vulnerability in baseband allows arbitrary code execution.
The patch adds length check code in the baseband.


SVE-2018-13474: Captive Portal redirection vulnerability

Severity: Moderate
Affected Versions: N(7.x), O(8.x), P(9.0)
Reported on: November 13, 2018
Disclosure status: Privately disclosed.
A vulnerability in Captive Portal allows automatic redirection to unsafe applications.
The patch blocks handling of custom scheme in Captive Portal to prevent automatic redirection.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
We truly appreciate the following researchers for helping Samsung to improve the security of our products.

- Pierre Barre and Chaouki Kasmi from DarkMatter: SVE-2018-13162
- Fluoroacetate working with Zero Day Initiative: SVE-2018-13467
- MWR Labs working with Zero Day Initiative: SVE-2018-13474