close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Updates>Firmware Updates

Security Updates

2023Open selected window by year

Close selected window by year
January February March April May June July August September October November December

Disclaimer

  • Please note that in some cases regular OS upgrades may cause delays to planned security updates. However, users can be rest assured the OS upgrades will include up-to-date security patches when delivered.
  • While we are doing our best to deliver the security patches as soon as possible to all applicable models, delivery time of security patches may vary depending on the regions and models.
  • Some patches to be received from chipset vendors (also known as Device Specific patches) may not be included in the security update package of the month. They will be included in upcoming security update packages as soon as the patches are ready to deliver.

Acknowledgements

Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – December 2023 package. The Bulletin (December 2023) contains the following CVE items:

Critical
CVE-2023-21671, CVE-2023-28574, CVE-2023-22388, CVE-2023-33045, CVE-2023-40077, CVE-2023-40076, CVE-2023-40088, CVE-2023-45866

High
CVE-2023-28469, CVE-2023-20702, CVE-2023-32835, CVE-2023-32834, CVE-2023-33031, CVE-2023-33059, CVE-2023-33055, CVE-2023-33074, CVE-2023-28545, CVE-2023-24852, CVE-2023-33048, CVE-2023-33056, CVE-2023-33047, CVE-2023-33061, CVE-2023-40079, CVE-2023-40089, CVE-2023-40091, CVE-2023-40095, CVE-2023-40096, CVE-2023-40103, CVE-2023-45774, CVE-2023-45777, CVE-2023-40073, CVE-2023-40092, CVE-2023-40074, CVE-2023-40075, CVE-2023-40078, CVE-2023-40080, CVE-2023-40082, CVE-2023-40084, CVE-2023-40087, CVE-2023-40090, CVE-2023-40097, CVE-2023-45773, CVE-2023-45775, CVE-2023-45776, CVE-2023-35668, CVE-2023-40083, CVE-2023-21394, CVE-2023-40098, CVE-2023-45781, CVE-2023-40094(A-288896339, A-307719731)

Moderate
None

Already included in previous updates
CVE-2023-28556

Not applicable to Samsung devices
CVE-2023-32836, CVE-2023-32837, CVE-2023-32832


※ Please see Android Security Bulletin for detailed information on Google patches.


Samsung Semiconductor patch is also included in this Security Maintenance Release with the following CVE item:

Moderate
CVE-2023-45864, CVE-2023-42483

※ Please see Samsung Semiconductor Product Security Update for detailed information on Samsung Semiconductor patches.


Along with Google patches and Samsung Semiconductor patches, Samsung Mobile provides 16 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Dec-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2023-1700(CVE-2023-42570): Improper access control vulnerability in KnoxCustomManagerService

Severity: Moderate
Affected versions: Android 11, 12, 13, 14
Reported on: September 22, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
The patch adds proper access control.


SVE-2023-1694(CVE-2023-42564): Improper access control in knoxcustom service

Severity: High
Affected versions: Android 11, 12, 13, 14
Reported on: September 21, 2023
Disclosure status: Privately disclosed
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.
The patch adds proper permission check logic.


SVE-2023-1621(CVE-2023-42563): Integer overflow vulnerability in libFacePreProcessingjni.camera.samsung.so

Severity: High
Affected versions: Android 12, 13, 14
Reported on: September 5, 2023
Disclosure status: Privately disclosed
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
The patch adds proper check logic to prevent integer overflow.


SVE-2023-1620(CVE-2023-42562): Integer overflow vulnerability in libFacePreProcessingjni.camera.samsung.so

Severity: High
Affected versions: Android 12, 13, 14
Reported on: September 5, 2023
Disclosure status: Privately disclosed
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
The patch adds proper check logic to prevent integer overflow.


SVE-2023-1488(CVE-2023-42569): Improper authorization verification vulnerability in AR Emoji

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: August 10, 2023
Disclosure status: Privately disclosed
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
The patch adds proper authorization verification logic to prevent unauthorized access.


SVE-2023-1480(CVE-2023-42561): Out-of-bounds write vulnerability in bootloader

Severity: High
Affected versions: Selected Android 11, 12, 13, 14 Qualcomm devices
Reported on: August 9, 2023
Disclosure status: Privately disclosed
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
The patch adds proper boundary check logic.


SVE-2023-1452(CVE-2023-42568): Improper access control vulnerability in SmartManagerCN

Severity: High
Affected versions: Android 12, 13
Reported on: August 6, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.
The patch adds proper access control.


SVE-2023-1440(CVE-2023-42560): Out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so

Severity: High
Affected versions: Android 11, 12, 13, 14
Reported on: August 3, 2023
Disclosure status: Privately disclosed
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
The patch adds proper size check logic.


SVE-2023-1430(CVE-2023-42559): Improper exception management vulnerability in Knox Guard

Severity: Moderate
Affected versions: Android 11, 12, 13, 14
Reported on: July 31, 2023
Disclosure status: Privately disclosed
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
The patch adds proper exception management logic to prevent Knox Guard lock bypass.


SVE-2023-1393(CVE-2023-42558): Out of bounds write vulnerability in HDCP in HAL

Severity: Moderate
Affected versions: Android 13
Reported on: July 24, 2023
Disclosure status: Privately disclosed
Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.
The patch adds proper boundary check logic to prevent buffer overflow.


SVE-2023-1374(CVE-2023-42557): Out-of-bound write vulnerability in libIfaaCa

Severity: Moderate
Affected versions: Android 12, 13, 14
Reported on: July 22, 2023
Disclosure status: Privately disclosed
Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.
The patch adds proper logic to prevent arbitrary code execution.


SVE-2023-1350(CVE-2023-42567): Improper size check vulnerability in softsimd

Severity: High
Affected versions: Android 14
Reported on: July 16, 2023
Disclosure status: Privately disclosed
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
The patch adds proper input validation check logic.


SVE-2023-1102(CVE-2023-42566): Out-of-bound write vulnerability in libsavsvc

Severity: High
Affected versions: Android 11, 12, 13, 14
Reported on: June 19, 2023
Disclosure status: Privately disclosed
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
The patch adds proper logic to prevent arbitrary code execution.


SVE-2023-1003(CVE-2023-42565): Improper input validation vulnerability in Smart Clip

Severity: High
Affected versions: Android 13, 14
Reported on: June 8, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
The patch deletes related codes to prevent arbitrary code execution.


SVE-2023-0938(CVE-2023-42556): Implicit intent hijacking vulnerability in Contacts

Severity: Moderate
Affected versions: Android 11, 12, 13, 14
Reported on: May 31, 2023
Disclosure status: Privately disclosed
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.
The patch change the implicit intent to explicit intent.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.


Acknowledgements
Dzmitry Lukyanenka: SVE-2023-1700, SVE-2023-1694
dg: SVE-2023-1621, SVE-2023-1620
OrangeCat: SVE-2023-1488
HBh25Y from Codesafe Team of Legendsec at Qianxin Group: SVE-2023-1480
Chen Jiang of vivo kM1rr0rs secLab: SVE-2023-1452
Zinuo Han https://twitter.com/ele7enxxh of OPPO Amber Security Lab: SVE-2023-1440, SVE-2023-1393, SVE-2023-1374
Porkodi: SVE-2023-1430
byte3xr: SVE-2023-1350
Dawuge: SVE-2023-1102
Michał Bednarski: SVE-2023-1003
Oversecured (oversecured.com): SVE-2023-0938
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – November 2023 package. The Bulletin (November 2023) contains the following CVE items:

Critical
CVE-2023-24855, CVE-2023-28540, CVE-2023-33028, CVE-2023-4863, CVE-2023-40113

High
CVE-2020-29374, CVE-2023-21673, CVE-2023-22385, CVE-2023-24843, CVE-2023-24844, CVE-2023-24848, CVE-2023-24847, CVE-2023-24850, CVE-2023-24849, CVE-2023-24853, CVE-2023-34970, CVE-2023-33200, CVE-2023-33034, CVE-2023-33035, CVE-2023-33027, CVE-2023-33029, CVE-2023-33026, CVE-2023-4211, CVE-2023-20819, CVE-2023-32819, CVE-2023-32820, CVE-2021-44828, CVE-2022-28348, CVE-2023-40638, CVE-2023-40106, CVE-2023-40107, CVE-2023-40109, CVE-2023-40110, CVE-2023-40111, CVE-2023-40114, CVE-2023-40105, CVE-2023-40124, CVE-2023-40100, CVE-2023-40115, CVE-2023-40104, CVE-2023-40112, CVE-2023-21103, CVE-2023-21111, CVE-2023-21234, CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, CVE-2023-33063

Moderate
None

Already included in previous updates
None

Not applicable to Samsung devices
None


※ Please see Android Security Bulletin for detailed information on Google patches.


Samsung Semiconductor patch is also included in this Security Maintenance Release with the following CVE item:

High
CVE-2023-41111, CVE-2023-41112

Moderate
CVE-2023-43122

※ Please see Samsung Semiconductor Product Security Update for detailed information on Samsung Semiconductor patches.


Along with Google patches and Samsung Semiconductor patches, Samsung Mobile provides 15 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Nov-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2023-1439(CVE-2023-42538): An improper input validation in saped_rec_silence in libsaped

Severity: High
Affected versions: Android 11, 12, 13
Reported on: August 3, 2023
Disclosure status: Privately disclosed
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
The patch adds proper boundary check logic to prevent buffer overflow.


SVE-2023-1437(CVE-2023-42537): An improper input validation in get_head_crc in libsaped

Severity: High
Affected versions: Android 11, 12, 13
Reported on: August 3, 2023
Disclosure status: Privately disclosed
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
The patch adds proper boundary check logic to prevent buffer overflow.


SVE-2023-1434(CVE-2023-42536): An improper input validation in saped_dec in libsaped

Severity: High
Affected versions: Android 11, 12, 13
Reported on: August 2, 2023
Disclosure status: Privately disclosed
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
The patch adds proper boundary check logic to prevent buffer overflow.


SVE-2023-1396(CVE-2023-42533): Improper Input Validation with USB Gadget Interface

Severity: High
Affected versions: Android 12, 13
Reported on: July 25, 2023
Disclosure status: Privately disclosed
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.
The patch adds proper implementation for arbitrary input.


SVE-2023-1365(CVE-2023-42532): Improper Certificate Validation in FotaAgent

Severity: High
Affected versions: Android 11, 12, 13
Reported on: July 19, 2023
Disclosure status: Privately disclosed
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release 1 allows remote attacker to intercept the network traffic including Firmware information.
The patch adds proper certificate validation.


SVE-2023-1363(CVE-2023-42535): Out-of-bounds Write in read_block of vold

Severity: High
Affected versions: Android 12, 13
Reported on: July 18, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
The patch modifies buffer size check logic.


SVE-2023-1031(CVE-2023-42531): Improper access control vulnerability in SmsController

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: June 12, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release 1 allows local attackers to bypass restrictions on starting activities from the background.
The patch adds proper access control.


SVE-2023-0987(CVE-2023-42530): Improper access control vulnerability in SecSettings

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: June 7, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.
The patch adds the permission to prevent improper access.


SVE-2023-0611(CVE-2023-42534): Improper input validation vulnerability in ChooserActivity

Severity: Moderate
Affected versions: Android 12, 13
Reported on: April 10, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
The patch adds proper validation logic to check input value.


SVE-2023-0541(CVE-2023-42529): Out-of-bound write in libsec-ril

Severity: High
Affected versions: Android 11, 12, 13
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.
The patch adds proper logic to prevent arbitrary code execution.


SVE-2023-0539(CVE-2023-42528): Heap Overflow in ProcessNvBuffering of libsec-ril

Severity: High
Affected versions: Android 11, 12, 13
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper check logic to prevent arbitrary code execution.


SVE-2023-0538(CVE-2023-42527): Improper input validation in ProcessWriteFile of libsec-ril

Severity: High
Affected versions: Android 11, 12, 13
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.
The patch adds proper check logic to prevent to expose sensitive information.


SVE-2023-0537(CVE-2023-30739): Arbitrary File Descriptor Write in libsec-ril

Severity: High
Affected versions: Android 11, 12, 13
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper check logic to prevent arbitrary file descriptor write.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Zinuo Han https://twitter.com/ele7enxxh of OPPO Amber Security Lab: SVE-2023-1439, SVE-2023-1437, SVE-2023-1434, SVE-2023-1363
Christopher Wade: SVE-2023-1396
Aapo Oksman: SVE-2023-1365
hsia.angsh: SVE-2023-1031
Oversecured (oversecured.com): SVE-2023-0987, SVE-2023-0611
Daniel Komaromy of TASZK Security Labs: SVE-2023-0541, SVE-2023-0539, SVE-2023-0538, SVE-2023-0537
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – October 2023 package. The Bulletin (October 2023) contains the following CVE items:

Critical
CVE-2023-28581, CVE-2023-40129

High
CVE-2023-21646, CVE-2023-21653, CVE-2023-28549, CVE-2023-28573, CVE-2023-33016, CVE-2023-33015, CVE-2023-33021, CVE-2023-33019, CVE-2023-28584, CVE-2023-21266, CVE-2023-40116, CVE-2023-40120, CVE-2023-40131, CVE-2023-40140, CVE-2023-21291, CVE-2023-40121, CVE-2023-40134, CVE-2023-40136, CVE-2023-40137, CVE-2023-40138, CVE-2023-40139, CVE-2023-21244, CVE-2023-40117, CVE-2023-40125, CVE-2023-40128, CVE-2023-40130, CVE-2023-40123, CVE-2023-40127, CVE-2023-40133, CVE-2023-40135, CVE-2023-21252, CVE-2023-21253

Moderate
None

Already included in previous updates
CVE-2022-40534

Not applicable to Samsung devices
CVE-2023-28538


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 12 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Oct-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2023-0524(CVE-2023-30733): Stack-based Buffer Overflow in HDCP trustlet

Severity: High
Affected versions: Android 12, 13
Reported on: March 31, 2023
Disclosure status: Privately disclosed
Stack-based Buffer Overflow vulnerability in HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.
The patch adds proper size check.


SVE-2023-0610(CVE-2023-30690): Improper input validation vulnerability in Duo

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 10, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
The patch adds proper validation logic to prevent parcel mismatch.


SVE-2023-0620(CVE-2023-30692): Improper input validation vulnerability in Evaluator

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 10, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
The patch adds proper validation logic to prevent parcel mismatch.


SVE-2023-0989(CVE-2023-30727): Improper access control vulnerability in SecSettings

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: June 7, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.
The patch adds the permission to prevent improper access.


SVE-2023-1200(CVE-2023-30731): Logic error in package installation via debugger command

Severity: Moderate
Affected versions: Android 12, 13
Reported on: June 26, 2023
Disclosure status: Privately disclosed
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
The patch adds proper logic to prevent to install application that has different build type.


SVE-2023-1262(CVE-2023-30732): Improper access control in system property

Severity: Moderate
Affected versions: Android 13
Reported on: June 30, 2023
Disclosure status: Privately disclosed
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.
The patch adds proper permission.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Vincenzo Bonforte - @Bonfee1: SVE-2023-0524
hearmen: SVE-2023-0610, SVE-2023-0620
Oversecured (oversecured.com): SVE-2023-0989
Cody Stobaugh aka K0mraid3: SVE-2023-1200
Zhang Qing, Wang Kailong: SVE-2023-1262
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – September 2023 package. The Bulletin (September 2023) contains the following CVE items:

Critical
CVE-2022-40510, CVE-2023-35658, CVE-2023-35673, CVE-2023-35681

High
CVE-2020-29374, CVE-2023-20780, CVE-2023-21626, CVE-2023-35669, CVE-2023-35674, CVE-2023-35676, CVE-2023-35687, CVE-2023-35675, CVE-2023-35679, CVE-2023-35666, CVE-2023-35667, CVE-2023-35670, CVE-2023-35682, CVE-2023-35684, CVE-2023-35671, CVE-2023-35683, CVE-2023-35677, CVE-2023-21135, CVE-2023-21118

Moderate
None

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2022-34830, CVE-2023-21264, CVE-2023-28537, CVE-2023-22666, CVE-2023-28555, CVE-2023-35665, CVE-2023-35664, CVE-2023-35680


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 35 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Sep-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2022-0857(CVE-2023-30706): Improper authorization in Samsung Keyboard

Severity: Moderate
Affected versions: Android 12
Reported on: April 6, 2022
Disclosure status: Privately disclosed
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.
The patch adds proper authentication logic.


SVE-2022-1724(CVE-2023-30707): Improper input validation in Samsung Keyboard

Severity: Moderate
Affected versions: Android 12
Reported on: July 19, 2022
Disclosure status: Privately disclosed
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.
The patch adds the proper validation logic.


SVE-2022-2628(CVE-2023-30708): Improper authentication in SecSettings

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: November 7, 2022
Disclosure status: Privately disclosed
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.
The patch adds proper authentication logic.


SVE-2023-0622(CVE-2023-30709): Improper access control in Dual Messenger

Severity: High
Affected versions: Android 11, 12, 13
Reported on: April 10, 2023
Disclosure status: Privately disclosed
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.
The patch has changed the activity configuration.


SVE-2023-0642(CVE-2023-30710): Improper input validation vulnerability in Knox AI

Severity: Moderate
Affected versions: Android 13
Reported on: April 12, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.
The patch adds proper validation logic to prevent parcel mismatch.


SVE-2023-0811(CVE-2023-30711): Improper authentication in Phone and Messaging Storage

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: May 11, 2023
Disclosure status: Privately disclosed
Improper authentication in Phone and Messaging Storage SMR Sep-2023 Release 1 allows attacker to insert arbitrary data to the provider.
The patch adds proper authentication logic.


SVE-2023-0871(CVE-2023-30712): Launch anywhere vulnerability in Settings Suggestions

Severity: High
Affected versions: Android 13
Reported on: May 17, 2023
Disclosure status: Privately disclosed
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.
The patch add the logic to verify the request.


SVE-2023-0941(CVE-2023-30713): Improper privilege management in One UI Home

Severity: Moderate
Affected versions: Selected Android 11, 12, 13 devices
Reported on: May 31, 2023
Disclosure status: Privately disclosed
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.
The patch adds the proper protection logic.


SVE-2023-0942(CVE-2023-30714): Improper authorization in One UI Home

Severity: Moderate
Affected versions: Selected Android 11, 12, 13 devices
Reported on: May 31, 2023
Disclosure status: Privately disclosed
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.
The patch adds the proper check logic.


SVE-2023-0949(CVE-2023-30715): Improper access control vulnerability in Weather

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: May 31, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.
The patch adds proper protection to prevent access to location information.


SVE-2023-0954(CVE-2023-30716): Improper access control vulnerability in SVCAgent

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: June 1, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.
The patch adds proper permission to prevent improper access.


SVE-2023-0963(CVE-2023-30717): Sensitive information exposure vulnerability in SVCAgent

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: June 2, 2023
Disclosure status: Privately disclosed
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.
The patch adds proper permission to access sensitive information.


SVE-2023-0993(CVE-2023-30718): Improper export of Android application components in WifiApAutoHotspotEnablingActivity

Severity: Moderate
Affected versions: Android 13
Reported on: June 7, 2023
Disclosure status: Privately disclosed
Improper export of Android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
The patch adds proper access control.


SVE-2023-1027(CVE-2023-30719): Exposure of Sensitive Information vulnerability in InboundSmsHandler

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: June 12, 2023
Disclosure status: Privately disclosed
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.
The patch adds proper access control.


SVE-2023-1028(CVE-2023-30720): PendingIntent hijacking in LmsAssemblyTrackerCTC

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: June 12, 2023
Disclosure status: Privately disclosed
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
The patch adds proper access control.


SVE-2023-1059(CVE-2023-30721): Insertion of sensitive information into log vulnerability in Locksettings

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: June 17, 2023
Disclosure status: Privately disclosed
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.
The patch modifies the conditions under the information is printed in the device log.


SVE-2023-1404(CVE-2023-52432): Improper input validation in libsec-ril

Severity: Moderate
Affected versions: Android 13, 14
Reported on: July 26, 2023
Disclosure status: Privately disclosed
Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.
The patch adds proper boundary check logic to prevent buffer overflow.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Oversecured (oversecured.com): SVE-2022-0857, SVE-2023-0622, SVE-2023-0963, SVE-2023-0993, SVE-2023-1027, SVE-2023-1028
hsia.angsh: SVE-2022-1724
Zhongquan Li @ ADLab of VenusTech: SVE-2022-2628
MyTyrannosaurusBuddy: SVE-2023-0642
Jang Taejin @jtjisgod: SVE-2023-0811
hackhackdump: SVE-2023-0871
Stealth Assassin: SVE-2023-0941, SVE-2023-0942, SVE-2023-0954
Dongxiang Ke of Baidu AIoT Security Team: SVE-2023-0949
Patrik Gissleholm: SVE-2023-1059
Zinuo Han https://twitter.com/ele7enxxh of OPPO Amber Security Lab: SVE-2023-1404
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – August 2023 package. The Bulletin (August 2023) contains the following CVE items:

Critical
CVE-2023-21629, CVE-2023-21282

High
CVE-2022-28350, CVE-2023-28147, CVE-2021-29256, CVE-2021-0948, CVE-2022-42703, CVE-2023-21255, CVE-2023-20755, CVE-2023-20754, CVE-2023-21631, CVE-2023-21672, CVE-2023-22387, CVE-2023-28542, CVE-2023-22386, CVE-2023-24854, CVE-2023-28541, CVE-2023-24851, CVE-2023-21265, CVE-2023-21287, CVE-2023-21269, CVE-2023-21270, CVE-2023-21278, CVE-2023-21281, CVE-2023-21286, CVE-2023-21276, CVE-2023-21277, CVE-2023-21279, CVE-2023-21283, CVE-2023-21288, CVE-2023-21289, CVE-2023-21292, CVE-2023-21280, CVE-2023-21284, CVE-2023-20965, CVE-2023-21132, CVE-2023-21133, CVE-2023-21134, CVE-2023-21140, CVE-2023-21242, CVE-2023-21275, CVE-2023-21285, CVE-2023-21268, CVE-2023-21290, CVE-2023-21229, CVE-2023-21230, CVE-2023-21231, CVE-2023-35689, CVE-2023-21233

Moderate
CVE-2023-26083

Already included in previous updates
CVE-2023-21272, CVE-2023-21273, CVE-2023-21234, CVE-2023-21235, CVE-2023-21232

Not applicable to Samsung devices
CVE-2023-25012, CVE-2023-22667, CVE-2023-21271, CVE-2023-21274


※ Please see Android Security Bulletin for detailed information on Google patches.


Samsung Semiconductor patch is also included in this Security Maintenance Release with the following CVE item:

High
CVE-2023-41911, CVE-2023-42482

Moderate
CVE-2023-36481, CVE-2023-37366

Low
CVE-2023-40218

※ Please see Samsung Semiconductor Product Security Update for detailed information on Samsung Semiconductor patches.


Along with Google patches and Samsung Semiconductor patches, Samsung Mobile provides 35 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Aug-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2023-0953(CVE-2023-30701): PendingIntent hijacking in WifiGeofenceManager

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: June 1, 2023
Disclosure status: Privately disclosed
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.
The patch adds proper access control.


SVE-2023-0877(CVE-2023-30700): PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: May 19, 2023
Disclosure status: Privately disclosed
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.
The patch adjusts the intent to prevent PendingIntent hijacking.


SVE-2023-0821(CVE-2023-30699): Out-of-bounds write in parser_hvcC function in libsimba

Severity: Critical
Affected versions: Android 11, 12, 13
Reported on: May 11, 2023
Disclosure status: Privately disclosed
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.
The patch adds the proper validation of input data.


SVE-2023-0791(CVE-2023-30698): Improper access control vulnerability in TelephonyUI

Severity: Moderate
Affected versions: Android 13
Reported on: May 8, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.
The patch adds proper access control logic.


SVE-2023-0736(CVE-2023-30697): An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 27, 2023
Disclosure status: Privately disclosed
An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
The patch adds proper boundary check logic to prevent buffer overflow.


SVE-2023-0734(CVE-2023-30696): An improper input validation in IpcTxGetVerifyAkey in libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 27, 2023
Disclosure status: Privately disclosed
An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
The patch adds proper boundary check logic to prevent buffer overflow.


SVE-2023-0723(CVE-2023-30694): Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 26, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0721(CVE-2023-30693): Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 25, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0618(CVE-2023-30691): Improper input validation in AuthenticationConfig

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 10, 2023
Disclosure status: Privately disclosed
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.
The patch removes unused code.


SVE-2023-0607(CVE-2023-30689): Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 9, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0601(CVE-2023-30688): Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 8, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0600(CVE-2023-30687): Out-of-bounds Write in RmtUimApdu of libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 7, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0599(CVE-2023-30686): Out-of-bounds Write in ReqDataRaw of libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 7, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0598(CVE-2023-30685): Improper access control vulnerability in Telecom

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 7, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to change TTY mode.
The patch adds a proper permission to protect a receiver.


SVE-2023-0588(CVE-2023-30684, CVE-2023-30683, CVE-2023-30682): Improper access control in Telecom

Severity: Moderate
Affected versions: Android 13
Reported on: April 6, 2023
Disclosure status: Privately disclosed
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call APIs without permission.
The patch adds proper permission.


SVE-2023-0585(CVE-2023-30654): Improper access control vulnerability in SLocationService

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 6, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.
The patch adds the permission to prevent improper access.


SVE-2023-0569(CVE-2023-30681): An improper input validation vulnerability in VaultKeeper in HAL

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 4, 2023
Disclosure status: Privately disclosed
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
The patch adds proper boundary check logic to prevent buffer overflow.


SVE-2023-0566(CVE-2023-30680): Improper privilege management in MMIGroup

Severity: High
Affected versions: Select Android 12, 13 devices
Reported on: April 4, 2023
Disclosure status: Privately disclosed
Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.
The patch removes the vulnerable function.


SVE-2023-0499(CVE-2023-30679): Improper access control in HDCP trustlet

Severity: High
Affected versions: Android 11, 12, 13
Reported on: March 29, 2023
Disclosure status: Privately disclosed
Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.
The patch adds proper check logic.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Oversecured (oversecured.com): SVE-2023-0953, SVE-2023-0877
Dawuge: SVE-2023-0821, SVE-2023-0791
Zinuo Han https://twitter.com/ele7enxxh of OPPO Amber Security Lab: SVE-2023-0736, SVE-2023-0734, SVE-2023-0723, SVE-2023-0721, SVE-2023-0607, SVE-2023-0601, SVE-2023-0600, SVE-2023-0599, SVE-2023-0569
hearmen: SVE-2023-0618
balance: SVE-2023-0598, SVE-2023-0588, SVE-2023-0585
Ryan Johnson: SVE-2023-0566
Vincenzo Bonforte - @Bonfee1: SVE-2023-0499
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – July 2023 package. The Bulletin (July 2023) contains the following CVE items:

Critical
CVE-2022-40529, CVE-2022-33257, CVE-2023-21250

High
CVE-2022-22706, CVE-2022-46781, CVE-2022-28349, CVE-2021-0701, CVE-2021-0945, CVE-2022-40533, CVE-2023-21657, CVE-2022-40520, CVE-2022-40516, CVE-2022-40517, CVE-2022-33251, CVE-2022-33264, CVE-2022-40538, CVE-2022-40536, CVE-2022-22060, CVE-2022-40521, CVE-2023-21628, CVE-2023-21658, CVE-2023-21659, CVE-2023-21661, CVE-2023-21656, CVE-2022-48391, CVE-2022-48392, CVE-2022-48390, CVE-2022-48438, CVE-2023-21120, CVE-2023-21101, CVE-2023-21670, CVE-2023-20918, CVE-2023-21145, CVE-2023-21251, CVE-2023-21254, CVE-2023-21257, CVE-2023-21262, CVE-2023-21238, CVE-2023-21239, CVE-2023-21249, CVE-2023-21087, CVE-2023-2136, CVE-2023-21241, CVE-2023-21246, CVE-2023-21247, CVE-2023-21248, CVE-2023-21256, CVE-2023-20910, CVE-2023-21240, CVE-2023-21243, CVE-2022-27405

Moderate
None

Already included in previous updates
CVE-2022-40523, CVE-2022-33292, CVE-2023-20942

Not applicable to Samsung devices
CVE-2023-21669

※ Please see Android Security Bulletin for detailed information on Google patches.


Samsung Semiconductor patch is also included in this Security Maintenance Release with the following CVE item:

Low
CVE-2023-36482

※ Please see Samsung Semiconductor Product Security Update for detailed information on Samsung Semiconductor patches.


Along with Google and Samsung Semiconductor patches, Samsung Mobile provides 38 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jul-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2023-0771(CVE-2023-30671): Logic error in package installation via adb command

Severity: Moderate
Affected versions: Android 12, 13
Reported on: May 3, 2023
Disclosure status: Privately disclosed
Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.
The patch adds proper logic to prevent downgrade application.


SVE-2023-0662(CVE-2023-30670): Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 15, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper boundary check to prevent arbitrary code execution.


SVE-2023-0661(CVE-2023-30669): Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 15, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper boundary check to prevent arbitrary code execution.


SVE-2023-0660(CVE-2023-30668): Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 14, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper boundary check to prevent arbitrary code execution.


SVE-2023-0653(CVE-2023-30667): Improper access control in Audio system service.

Severity: Moderate
Affected versions: Android 13
Reported on: April 13, 2023
Disclosure status: Privately disclosed
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.
The patch adds proper authentication logic.


SVE-2023-0647(CVE-2023-30666): Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 12, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
The patch adds proper validation check logic to prevent Out-Of-Bounds write.


SVE-2023-0646(CVE-2023-30665): Improper input validation vulnerability in OnOemServiceMode in libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 12, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.
The patch adds proper validation check logic to prevent Out-Of-Bounds read.


SVE-2023-0645(CVE-2023-30664): Improper input validation vulnerability in RegisteredMSISDN

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 12, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
The patch adds proper validation logic to prevent parcel mismatch.


SVE-2023-0644(CVE-2023-30663): Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 12, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
The patch adds proper validation check logic to prevent Out-Of-Bounds write.


SVE-2023-0640(CVE-2023-30662): Exposure of Sensitive Information vulnerability in UwbAospAdapterService

Severity: Moderate
Affected versions: Android 12, 13
Reported on: April 12, 2023
Disclosure status: Privately disclosed
Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0639(CVE-2023-30661): Exposure of Sensitive Information vulnerability in UwbAospAdapterService

Severity: Moderate
Affected versions: Android 12, 13
Reported on: April 12, 2023
Disclosure status: Privately disclosed
Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0637(CVE-2023-30660): Exposure of Sensitive Information vulnerability in UwbAospAdapterService

Severity: Moderate
Affected versions: Android 12, 13
Reported on: April 12, 2023
Disclosure status: Privately disclosed
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0636(CVE-2023-30659): Improper input validation in Transaction

Severity: Moderate
Affected versions: Android 13
Reported on: April 12, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
The patch adds proper validation logic to prevent privilege escalation.


SVE-2023-0624(CVE-2023-30658): Improper input validation vulnerability in DataProfile

Severity: Moderate
Affected versions: Android 13
Reported on: April 11, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
The patch adds proper validation logic to prevent parcel mismatch.


SVE-2023-0619(CVE-2023-30657): Improper input validation in EnhancedAttestationResult

Severity: Moderate
Affected versions: Android 11, 12, 13 devices
Reported on: April 10, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
The patch adds proper validation logic to prevent privilege escalation.


SVE-2023-0615(CVE-2023-30656): Improper input validation vulnerability in LSOItemData

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: April 10, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.
The patch adds proper validation logic to prevent privilege escalation.


SVE-2023-0614(CVE-2023-30655): Improper input validation vulnerability in SCEPProfile

Severity: Moderate
Affected versions: Selected Android 11, 12, 13 devices
Reported on: April 10, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
The patch adds proper validation logic to prevent parcel mismatch.


SVE-2023-0574(CVE-2023-30653): Out of bounds read and write in enableTspDevice of sysinput HAL service

Severity: Moderate
Affected versions: Selected Android 11, 12, 13 devices
Reported on: April 5, 2023
Disclosure status: Privately disclosed
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
The patch adds proper buffer size check logic.


SVE-2023-0573(CVE-2023-30652): Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service

Severity: Moderate
Affected versions: Selected Android 11, 12, 13 devices
Reported on: April 4, 2023
Disclosure status: Privately disclosed
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
The patch adds proper buffer size check logic.


SVE-2023-0572(CVE-2023-30651): Out of bounds read and write in callgetTspsysfs of sysinput HAL service

Severity: Moderate
Affected versions: Selected Android 11, 12, 13 devices
Reported on: April 4, 2023
Disclosure status: Privately disclosed
Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
The patch adds proper buffer size check logic.


SVE-2023-0571(CVE-2023-30650): Out of bounds read and write in callrunTspCmd of sysinput HAL service

Severity: Moderate
Affected versions: Selected Android 11, 12, 13 devices
Reported on: April 4, 2023
Disclosure status: Privately disclosed
Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
The patch adds proper buffer size check logic.


SVE-2023-0536(CVE-2023-30649): Arbitrary code execution in RILD

Severity: High
Affected versions: Selected Android 11, 12, 13 Exynos devices
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
The patch adds proper length check logic.


SVE-2023-0535(CVE-2023-30648): Out-of-bounds write vulnerability in RILD

Severity: Moderate
Affected versions: Selected Android 11, 12, 13 Exynos devices
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD prior to SMR Jul-2023 Release 1 cause a denial of service on the system.
The patch adds proper boundary check logic.


SVE-2023-0534(CVE-2023-30647): Arbitrary code execution in RILD

Severity: High
Affected versions: Selected Android 11, 12, 13 Exynos devices
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
The patch adds proper length check logic.


SVE-2023-0533(CVE-2023-30646): Arbitrary code execution in RILD

Severity: High
Affected versions: Selected Android 11, 12, 13 Exynos devices
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
The patch adds proper length check logic.


SVE-2023-0532(CVE-2023-30645): Arbitrary code execution in RILD

Severity: High
Affected versions: Selected Android 11, 12, 13 Exynos devices
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
The patch adds proper length check logic.


SVE-2023-0531(CVE-2023-30644): Arbitrary code execution in RILD

Severity: High
Affected versions: Selected Android 11, 12, 13 Exynos devices
Reported on: April 1, 2023
Disclosure status: Privately disclosed
Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
The patch adds proper length check logic.


SVE-2023-0502(CVE-2023-30643): Missing authentication vulnerability in Galaxy Themes Service

Severity: High
Affected versions: Android 11, 12, 13
Reported on: March 30, 2023
Disclosure status: Privately disclosed
Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0498(CVE-2023-30642): Improper privilege management vulnerability in Galaxy Themes Service

Severity: Moderate
Affected versions: Android 12, 13
Reported on: March 29, 2023
Disclosure status: Privately disclosed
Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.
The patch adds proper permission to prevent unauthorized access.


SVE-2023-0484(CVE-2023-30641): Improper access control in Settings

Severity: High
Affected versions: Android 13
Reported on: March 26, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data.
The patch disable the menu on restricted user profile.


SVE-2023-0479(CVE-2023-30640): Improper access control in PersonaManagerService

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: March 24, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration.
The patch adds proper caller check logic.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Gilbert Perez: SVE-2023-0771
Zinuo Han https://twitter.com/ele7enxxh of OPPO Amber Security Lab: SVE-2023-0662, SVE-2023-0661, SVE-2023-0660, SVE-2023-0647, SVE-2023-0646, SVE-2023-0644, SVE-2023-0574, SVE-2023-0573, SVE-2023-0572, SVE-2023-0571
Oversecured (oversecured.com): SVE-2023-0653
MyTyrannosaurusBuddy: SVE-2023-0645, SVE-2323-0636, SVE-2323-0624
Zhang Qing, Wang Kailong: SVE-2023-0640, SVE-2023-0639, SVE-2023-0637
hearmen: SVE-2023-0619, SVE-2023-0615, SVE-2023-0614
Daniel Komaromy of TASZK Security Labs: SVE-2023-0536, SVE-2023-0535, SVE-2023-0534, SVE-2023-0533, SVE-2023-0532, SVE-2023-0531
Dawuge: SVE-2023-0502, SVE-2023-0498
Gerrit Hübbers: SVE-2023-0484
Parjanya Vyas: SVE-2023-0479
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – June 2023 package. The Bulletin (June 2023) contains the following CVE items:

Critical
CVE-2023-21127, CVE-2023-21108, CVE-2023-21130

High
CVE-2023-26085, CVE-2022-46396, CVE-2022-46891, CVE-2022-46395, CVE-2022-46394, CVE-2021-0877, CVE-2023-21102, CVE-2023-21106, CVE-2023-20697, CVE-2023-20698, CVE-2023-20726, CVE-2023-20694, CVE-2023-20695, CVE-2023-20696, CVE-2023-21665, CVE-2023-21666, CVE-2022-40508, CVE-2022-40504, CVE-2022-34144, CVE-2022-33305, CVE-2022-47487, CVE-2022-47469, CVE-2022-47470, CVE-2022-47486, CVE-2022-47488, CVE-2023-0266, CVE-2023-21126, CVE-2023-21128, CVE-2023-21129, CVE-2023-21131, CVE-2023-21139, CVE-2023-21105, CVE-2023-21136, CVE-2023-21137, CVE-2023-21143, CVE-2023-21115, CVE-2023-21121, CVE-2023-21122, CVE-2023-21123, CVE-2023-21124, CVE-2023-21135, CVE-2023-21138, CVE-2023-21095, CVE-2023-21141, CVE-2023-21142, CVE-2023-21144

Moderate
None

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2023-20699, CVE-2022-25713, CVE-2022-33273


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 11 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jun-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2023-0352(CVE-2023-21513): Improper privilege management in CC Mode

Severity: High
Affected versions: Android 11, 12, 13
Reported on: March 2, 2023
Disclosure status: Privately disclosed
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
The patch add proper device status check logic.


SVE-2022-2836(CVE-2023-21517): Heap out-of-bound write in Exynos baseband

Severity: High
Affected versions: Select devices using Exynos CP chipsets
Reported on: December 4, 2022
Disclosure status: Privately disclosed
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
The patch adds proper buffer size check logic.


SVE-2022-2743(CVE-2023-21512): Improper Knox ID validation in notification framework

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: November 22, 2022
Disclosure status: Privately disclosed
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
The patch adds proper Knox ID validation to prevent improper access to notifications.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Maldroid: SVE-2023-0352
Eduardo Coloma: SVE-2022-2743
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – May 2023 package. The Bulletin (May 2023) contains the following CVE items:

Critical
CVE-2022-33231, CVE-2022-33288, CVE-2022-33289, CVE-2022-33302

High
CVE-2022-32599, CVE-2022-41757, CVE-2022-38181, CVE-2022-36449, CVE-2022-33917, CVE-2022-42716, CVE-2021-0873, CVE-2021-0884, CVE-2021-0883, CVE-2021-0882, CVE-2021-0881, CVE-2021-0880, CVE-2021-0879, CVE-2021-0878, CVE-2021-0874, CVE-2021-0875, CVE-2021-0876, CVE-2021-0872, CVE-2021-0885, CVE-2022-4696, CVE-2023-20941, CVE-2023-20656, CVE-2023-20654, CVE-2023-20652, CVE-2023-20653, CVE-2023-20657, CVE-2022-33269, CVE-2023-21630, CVE-2022-33270, CVE-2022-40503, CVE-2022-47335, CVE-2022-47336, CVE-2022-47338, CVE-2022-47337, CVE-2021-39617, CVE-2022-20338, CVE-2023-20993, CVE-2023-21109, CVE-2023-21117, CVE-2023-20914, CVE-2023-21104, CVE-2023-20930, CVE-2023-21110, CVE-2022-20444, CVE-2023-21112, CVE-2023-21118, CVE-2023-21103

Moderate
CVE-2022-22706, CVE-2023-21116, CVE-2023-0266

Already included in previous updates
CVE-2023-20655, CVE-2022-40532

Not applicable to Samsung devices
CVE-2023-21107


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 21 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR May-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2023-0268(CVE-2023-21502): Improper input validation vulnerability in FactoryTest application allows local privilege escalation

Severity: High
Affected versions: Android 12, 13
Reported on: February 12, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.
The patch adds proper input validation check logic.


SVE-2023-0233(CVE-2023-21493): Improper access control vulnerability in SemShareFileProvider

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: February 6, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.
The patch adds proper caller check logic.


SVE-2023-0223(CVE-2023-21501): Arbitrary code execution in mPOS fiserve trustlet

Severity: Critical
Affected versions: Select Android 13 devices
Reported on: February 4, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
The patch adds proper boundary check to arbitrary code execution.


SVE-2023-0216(CVE-2023-21500): Double free validation in mPOS TUI trustlet

Severity: High
Affected versions: Select Android 13 devices
Reported on: February 3, 2023
Disclosure status: Privately disclosed
Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.
The patch adds to set the pointer to NULL after memory free.


SVE-2023-0215(CVE-2023-21499, CVE-2023-21498, CVE-2023-21497): Arbitrary code execution in mPOS TUI trustlet

Severity: Critical
Affected versions: Select Android 13 devices
Reported on: February 3, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
The patch addressed the issue.


SVE-2023-0163(CVE-2023-21496): Active Debug Code vulnerability in ActivityManagerService

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: January 25, 2023
Disclosure status: Privately disclosed
Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.
The patch restrict to use debug function for unknown user.


SVE-2023-0131(CVE-2023-21492): Kernel pointers exposure in log file

Severity: Moderate
Affected versions: Selected Android 11, 12, 13 devices
Reported on: January 17, 2023
Disclosure status: Privately disclosed
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
The patch removes kernel pointers in log file.
※ Samsung was notified that an exploit for this issue had existed in the wild.


SVE-2023-0072(CVE-2023-21491): Improper access control vulnerability in ThemeManager

Severity: High
Affected versions: Android 12, 13
Reported on: January 11, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.
The patch adds proper validation logic to prevent arbitrary file write.


SVE-2023-0066(CVE-2023-21490): Improper access control in GearManagerStub

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: January 9, 2023
Disclosure status: Privately disclosed
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
The patch adds proper access control.


SVE-2023-0045(CVE-2023-21495): Improper access control vulnerability in Knox Enrollment Service

Severity: High
Affected versions: Android 11, 12, 13
Reported on: January 7, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.
The patch adds proper access control.


SVE-2023-0010(CVE-2023-21489): Out-of-bounds write vulnerability in bootloader

Severity: High
Affected versions: Selected Android 11, 12, 13 Qualcomm devices
Reported on: January 3, 2023
Disclosure status: Privately disclosed
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
The patch adds proper boundary check logic.


SVE-2023-0006(CVE-2023-21488): Improper access control vulnerability in Tips

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: January 3, 2023
Disclosure status: Privately disclosed
Improper access control vulnerability in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.
The patch remove unused code.


SVE-2022-3035(CVE-2023-21494): Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband

Severity: High
Affected versions: Select devices using Exynos CP chipsets
Reported on: December 26, 2022
Disclosure status: Privately disclosed
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
The patch adds proper input validation check logic.


SVE-2022-3031(CVE-2023-21504): Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband

Severity: High
Affected versions: Select devices using Exynos CP chipsets
Reported on: December 25, 2022
Disclosure status: Privately disclosed
Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
The patch adds proper input validation check logic.


SVE-2022-3020(CVE-2023-21503): Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband

Severity: High
Affected versions: Select devices using Exynos CP chipsets
Reported on: December 23, 2022
Disclosure status: Privately disclosed
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
The patch adds proper input validation check logic.


SVE-2022-2957(CVE-2023-21487): Improper access control vulnerability in Telephony framework

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: December 14, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.
The patch adds a proper permission to protect a receiver.


SVE-2022-2946(CVE-2023-21486, CVE-2023-21485): Improper export of android application components in Call Settings

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: December 13, 2022
Disclosure status: Privately disclosed
Improper export of android application components vulnerability in Call Settings prior to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
The patch set the components to exported:false.


SVE-2022-2821(CVE-2023-21484): Improper access control vulnerability in AppLock

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: December 2, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.
The patch adds proper permission check.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Dawuge of Pangu Team: SVE-2023-0233, SVE-2023-0066, SVE-2023-0045, SVE-2023-0006, SVE-2022-2957, SVE-2022-2946, SVE-2022-2821
Vincenzo Bonforte - @Bonfee1: SVE-2023-0223, SVE-2023-0216, SVE-2023-0215
Alberto Magno Muniz Soares: SVE-2023-0163
Clément Lecigne of Google's Threat Analysis Group: SVE-2023-0131
Oversecured (oversecured.com): SVE-2023-0072
HBh25Y: SVE-2023-0010
Nevv and cyth@VARAS: SVE-2022-3020
Nevv and Vang3lis@VARAS: SVE-2022-3035, SVE-2022-3031
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – April 2023 package. The Bulletin (April 2023) contains the following CVE items:

Critical
CVE-2022-33213, CVE-2022-33256, CVE-2023-21085, CVE-2023-21096

High
CVE-2021-33655, CVE-2023-20623, CVE-2022-33242, CVE-2022-33278, CVE-2022-25709, CVE-2022-25705, CVE-2022-25694, CVE-2022-33244, CVE-2022-33272, CVE-2022-33250, CVE-2022-33254, CVE-2022-40531, CVE-2022-25655, CVE-2022-40527, CVE-2022-40535, CVE-2022-40530, CVE-2022-22075, CVE-2022-40537, CVE-2022-40540, CVE-2022-47459, CVE-2022-47460, CVE-2022-47461, CVE-2022-47462, CVE-2023-21081, CVE-2023-21088, CVE-2023-21089, CVE-2023-21092, CVE-2023-21094, CVE-2023-21097, CVE-2023-21098, CVE-2023-21090, CVE-2022-20463, CVE-2023-20967, CVE-2023-21084, CVE-2023-21086, CVE-2023-21093, CVE-2023-21099, CVE-2023-21100, CVE-2022-20471, CVE-2023-20909, CVE-2023-20935, CVE-2023-21080, CVE-2023-21082, CVE-2023-21083, CVE-2023-21091

Moderate
CVE-2023-20950

Already included in previous updates
None

Not applicable to Samsung devices
CVE-2023-20620, CVE-2023-20621, CVE-2022-40515, CVE-2022-33309

※ Please see Android Security Bulletin for detailed information on Google patches.


Samsung Semiconductor patch is also included in this Security Maintenance Release with the following CVE item:

Moderate
CVE-2023-28613

※ Please see Samsung Semiconductor Product Security Update for detailed information on Samsung Semiconductor patches.


Along with Google and Samsung Semiconductor patches, Samsung Mobile provides 23 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Apr-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2023-0397(CVE-2023-21480): Improper input validation in CertByte

Severity: High
Affected versions: Select Android 11, 12, 13 devices
Reported on: March 8, 2023
Disclosure status: Privately disclosed
Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.
The patch adds proper validation logic to prevent privilege escalation.


SVE-2023-0100(CVE-2023-21476): Out-of-bounds Write in libaudiosaplus_sec.so library

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: January 13, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper boundary check to arbitrary code execution.


SVE-2023-0097(CVE-2023-21475): Out-of-bounds Write in libaudiosaplus_sec.so library

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: January 13, 2023
Disclosure status: Privately disclosed
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
The patch adds proper boundary check to arbitrary code execution.


SVE-2023-0068(CVE-2023-21474): Improper authorization in SecSettings

Severity: High
Affected versions: Android 11, 12, 13
Reported on: January 10, 2023
Disclosure status: Privately disclosed
Intent redirection vulnerability in SecSettings prior to SMR Apr-2023 Release 1 allows attackers to access arbitrary file with system privilege.
The patch adds input validation logic.


SVE-2022-3004(CVE-2023-21473): Improper input validation with Exynos Fastboot USB Interface

Severity: High
Affected versions: Selected Android 11, 12, 13 Exynos devices
Reported on: December 21, 2022
Disclosure status: Privately disclosed
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
The patch adds proper implementation for arbitrary input with USB interface.


SVE-2022-3001(CVE-2023-21472): Improper input validation with Exynos Fastboot USB Interface

Severity: High
Affected versions: Selected Android 11, 12, 13 Exynos devices
Reported on: December 21, 2022
Disclosure status: Privately disclosed
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
The patch adds proper implementation for arbitrary input with USB interface.


SVE-2022-2959(CVE-2023-21471): Improper access control vulnerability in SemClipboard

Severity: Moderate
Affected versions: Android 12, 13
Reported on: December 15, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.
The patch adds proper access control logic to prevent arbitrary file read.


SVE-2022-2948(CVE-2023-21470): Improper access control vulnerability in SLocation

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: December 13, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in SLocation prior to SMR Apr-2023 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.
The patch change to explicit intent.


SVE-2022-2947(CVE-2023-21469): Improper access control vulnerability in SLocation

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: December 13, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in SLocation prior to SMR Apr-2023 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.
The patch change to explicit intent.


SVE-2022-2907(CVE-2023-21479): Improper authorization in Smart suggestions

Severity: High
Affected versions: Android 13 and Samsung Smart Suggestions prior to 4.1.01.0 in Android 12
Reported on: December 8, 2022
Disclosure status: Privately disclosed
Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.
The patch remove the BROWSABLE attribute.


SVE-2022-2782(CVE-2023-21468): Improper access control vulnerability in Telephony

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: November 28, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.
The patch adds proper permission to prevent improper access.


SVE-2022-2755(CVE-2023-21467): Error in 3GPP specification implementation in Exynos baseband

Severity: Moderate
Affected versions: Select devices using Exynos CP chipsets
Reported on: November 23, 2022
Disclosure status: Privately disclosed
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
The patch adds proper authentication logic.


SVE-2022-2614(CVE-2023-21466): PendingIntent hijacking vulnerability in CertificatePolicy

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: November 4, 2022
Disclosure status: Privately disclosed
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access ContentProvider without proper permission.
The patch adjusts the intent to prevent PendingIntent hijacking.


SVE-2022-2318(CVE-2023-21478): Improper input validation vulnerability in TIGERF trustlet

Severity: High
Affected versions: Android 11, 12, 13
Reported on: September 19, 2022
Disclosure status: Privately disclosed
Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
The patch add proper input validation.


SVE-2022-2315(CVE-2023-21477): Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet

Severity: Critical
Affected versions: Android 11, 12, 13
Reported on: September 19, 2022
Disclosure status: Privately disclosed
Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
The patch add proper input validation.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Zinuo Han https://twitter.com/ele7enxxh of OPPO Amber Security Lab: SVE-2023-0100, SVE-2023-0097
wrlu: SVE-2023-0068
Christopher Wade: SVE-2022-3004, SVE-2022-3001
Michał Bednarski: SVE-2022-2959, SVE-2022-2782
hsia.angsh: SVE-2022-2948, SVE-2022-2947
Stealth Assassin: SVE-2022-2907
Chuan Yu: SVE-2022-2755
hackhackdump: SVE-2022-2614
mart1n and zraxx: SVE-2022-2318, SVE-2022-2315
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – March 2023 package. The Bulletin (March 2023) contains the following CVE items:

Critical
CVE-2022-33232, CVE-2022-33243, CVE-2022-40514, CVE-2023-20951, CVE-2023-20954

High
CVE-2022-0850, CVE-2022-41222, CVE-2023-20937, CVE-2023-20938, CVE-2023-20602, CVE-2022-33221, CVE-2022-33233, CVE-2022-33248, CVE-2022-33277, CVE-2022-47339, CVE-2022-47331, CVE-2023-20906, CVE-2023-20911, CVE-2023-20917, CVE-2023-20947, CVE-2023-20963, CVE-2023-20956, CVE-2023-20958, CVE-2023-20964, CVE-2023-20926, CVE-2023-20931, CVE-2023-20936, CVE-2023-20953, CVE-2023-20955, CVE-2023-20957, CVE-2023-20959, CVE-2023-20960, CVE-2023-20966, CVE-2022-4452, CVE-2022-20467, CVE-2023-20929, CVE-2023-20952, CVE-2023-20962, CVE-2022-20499

Moderate
None

Already included in previous updates
CVE-2022-40502, CVE-2022-40512, CVE-2022-33271, CVE-2022-33306

Not applicable to Samsung devices
CVE-2022-39189, CVE-2022-39842, CVE-2022-33280, CVE-2022-34145, CVE-2022-34146

※ Please see Android Security Bulletin for detailed information on Google patches.


Samsung Semiconductor patches are also included in this Security Maintenance Release with the following CVE items:

High
CVE-2023-26072, CVE-2023-26073, CVE-2023-26074, CVE-2023-26075, CVE-2023-26076

※ Please see Samsung Semiconductor Product Security Update for detailed information on Samsung Semiconductor patches.


Along with Google and Samsung Semiconductor patches, Samsung Mobile provides 23 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Mar-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2022-0604(CVE-2023-21459): Use after free vulnerability in decon driver

Severity: Moderate
Affected versions: Android 11, 12, 13 devices with Exynos2100 chipset
Reported on: February 1, 2023
Disclosure status: Privately disclosed
Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.
The patch adds proper check logic to prevent use after free.


SVE-2022-2984(CVE-2023-21461): Improper authorization vulnerability in Settings

Severity: Moderate
Affected versions: Android 12, 13
Reported on: December 18, 2022
Disclosure status: Privately disclosed
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.
The patch fixes incorrect implementation of AutoPowerOnOffConfirmDialog.


SVE-2022-2802(CVE-2023-21460): Improper authentication in SecSettings

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: November 30, 2022
Disclosure status: Privately disclosed
Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.
The patch adds proper authentication logic.


SVE-2022-2781(CVE-2023-21458): Improper privilege management vulnerability in System UI

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: November 28, 2022
Disclosure status: Privately disclosed
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.
The patch adds proper protected for the intent.


SVE-2022-2742(CVE-2023-21457): Improper access control vulnerability in Bluetooth

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: November 22, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.
The patch addresses unprotected intent action.


SVE-2022-2713(CVE-2023-21456): Path traversal vulnerability in Galaxy Themes Service

Severity: High
Affected versions: Android 11, 12, 13
Reported on: November 17, 2022
Disclosure status: Privately disclosed
Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.
The patch adds proper input validation.


SVE-2022-2678(CVE-2023-21455): Improper authorization in Exynos baseband

Severity: Moderate
Affected versions: Select devices using Exynos CP chipsets
Reported on: November 12, 2022
Disclosure status: Privately disclosed
Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.
The patch adds proper authentication logic.


SVE-2022-2652(CVE-2023-21454): Improper authorization in Samsung Keyboard

Severity: Moderate
Affected versions: Android 13
Reported on: November 9, 2022
Disclosure status: Privately disclosed
Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.
The patch remove the context menu on the lockscreen.


SVE-2022-2316(CVE-2023-21453): Improper input validation vulnerability in SoftSim TA

Severity: High
Affected versions: Selected Android 13 devices
Reported on: September 19, 2022
Disclosure status: Privately disclosed
Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data.
The patch add proper input validation.


SVE-2022-2212(CVE-2023-21452): Implicit intent hijacking vulnerability in Bluetooth

Severity: Moderate
Affected versions: Android 11, 12, 13
Reported on: September 11, 2022
Disclosure status: Privately disclosed
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.
The patch change the implicit intent to explicit intent.


SVE-2022-0671(CVE-2023-21449): Improper access control vulnerability in Call application

Severity: Moderate
Affected versions: Select Android 11, 12 devices
Reported on: March 19, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
The patch adds a proper permission to prevent improper access.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Le Wu of Baidu Security: SVE-2022-0604
Johan Francsics: SVE-2022-2984
Dzmitry Lukyanenka: SVE-2022-2802, SVE-2022-2781
hackhackdump: SVE-2022-2742
Dawuge of Pangu Team: SVE-2022-2713
Bedran Karakoc: SVE-2022-2678
Andr. Ess: SVE-2022-2652
mart1n and zraxx: SVE-2022-2316
Oversecured (oversecured.com): SVE-2022-2212, SVE-2022-0671
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – February 2023 package. The Bulletin (February 2023) contains the following CVE items:

Critical
CVE-2022-42719, CVE-2022-42721, CVE-2022-42720, CVE-2022-41674, CVE-2022-22088

High
CVE-2022-20235, CVE-2023-20928, CVE-2022-2959, CVE-2022-32636, CVE-2022-32637, CVE-2022-25746, CVE-2022-23960, CVE-2022-25725, CVE-2022-33284, CVE-2022-33286, CVE-2022-33276, CVE-2022-33285, CVE-2022-44426, CVE-2022-44425, CVE-2022-44427, CVE-2022-44428, CVE-2022-44431, CVE-2022-44429, CVE-2022-44432, CVE-2022-44430, CVE-2022-44435, CVE-2022-44437, CVE-2022-44434, CVE-2022-44436, CVE-2022-44438, CVE-2022-20443, CVE-2022-20551, CVE-2023-20934, CVE-2023-20942, CVE-2023-20943, CVE-2023-20944, CVE-2023-20948, CVE-2023-20933, CVE-2022-20481, CVE-2022-43680, CVE-2023-20939, CVE-2023-20945, CVE-2023-20946, CVE-2023-20932, CVE-2022-20455, CVE-2020-27059, CVE-2022-20441, CVE-2022-20451

Moderate
None

Already included in previous updates
CVE-2021-35097, CVE-2021-35113, CVE-2021-35134, CVE-2022-33274, CVE-2022-33252, CVE-2022-33253, CVE-2022-33283, CVE-2022-20006

Not applicable to Samsung devices
CVE-2022-32635, CVE-2022-33266, CVE-2022-33255, CVE-2023-20940


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 7 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Feb-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2022-2738(CVE-2023-21440): Improper access control vulnerability in WindowManagerService

Severity: High
Affected versions: T(13)
Reported on: November 21, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
The patch adds proper permission check to prevent unauthorized access.


SVE-2022-2726(CVE-2023-21439): Improper input validation in UwbDataTxStatusEvent

Severity: High
Affected versions: S(12), T(13)
Reported on: November 19, 2022
Disclosure status: Privately disclosed
Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.
The patch adds proper validation logic to prevent privilege escalation.


SVE-2022-2546(CVE-2023-21438): App preview disclosure protected by Secure Folder in Recents

Severity: Moderate
Affected versions: R(11), S(12)
Reported on: October 25, 2022
Disclosure status: Privately disclosed
Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.
The patch adds proper validation logic to prevent unauthorized access.


SVE-2022-2328(CVE-2023-21437): Improper access control vulnerability in Phone application

Severity: Moderate
Affected versions: Q(10), R(11), S(12), T(13)
Reported on: September 20, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.
The patch adds proper permission to prevent improper access.


SVE-2022-2296(CVE-2023-21436): Implicit intent hijacking vulnerability in Contacts

Severity: Moderate
Affected versions: Q(10), R(11), S(12), T(13)
Reported on: September 17, 2022
Disclosure status: Privately disclosed
Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.
The patch change the implicit intent to explicit intent.


SVE-2022-2195(CVE-2023-21435): Exposure of Sensitive Information vulnerability in Fingerprint TA

Severity: Moderate
Affected versions: Select R(11), S(12), T(13) devices
Reported on: September 9, 2022
Disclosure status: Privately disclosed
Exposure of sensitive information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.
The patch removes log that show the memory address.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
Michał Bednarski: SVE-2022-2738
Binwei Shen: SVE-2022-2726
Emilio Garza Cantu: SVE-2022-2546
Oversecured (oversecured.com): SVE-2022-2328, SVE-2022-2296
Zhongquan Li @ ADLab of VenusTech: SVE-2022-2195
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.


Google patches include patches up to Android Security Bulletin – January 2023 package. The Bulletin (January 2023) contains the following CVE items:

Critical
None

High
CVE-2021-39660, CVE-2022-23960(A-215557547), CVE-2022-32619, CVE-2022-32594, CVE-2022-32597, CVE-2022-32598, CVE-2022-32596, CVE-2022-25698, CVE-2022-25697, CVE-2022-25681, CVE-2022-25672, CVE-2022-25685, CVE-2022-25692, CVE-2022-25689, CVE-2022-25673, CVE-2022-25695, CVE-2022-25691, CVE-2022-25702, CVE-2022-25682, CVE-2022-33235, CVE-2022-39106, CVE-2022-39129, CVE-2022-39130, CVE-2022-39131, CVE-2022-39132, CVE-2022-39134, CVE-2022-42756, CVE-2022-42754, CVE-2022-42755, CVE-2022-39133, CVE-2022-42771, CVE-2022-42770, CVE-2022-42772, CVE-2022-20456, CVE-2022-20489, CVE-2022-20490, CVE-2022-20492, CVE-2022-20493, CVE-2023-20912, CVE-2023-20916, CVE-2023-20919, CVE-2023-20920, CVE-2023-20921, CVE-2022-20494, CVE-2023-20922, CVE-2022-20461, CVE-2023-20904, CVE-2023-20905, CVE-2023-20913, CVE-2023-20915

Moderate
None

Already included in previous updates
CVE-2022-32620, CVE-2022-33238, CVE-2022-33268

Not applicable to Samsung devices
None


※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 20 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR Jan-2023 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2022-2537(CVE-2023-21430): An out-of-bound read vulnerability in libSDKRecognitionText.spensdk.samsung.so library

Severity: Moderate
Affected versions: Q(10), R(11), S(12), T(13)
Reported on: October 24, 2022
Disclosure status: Privately disclosed
An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Jan-2023 Release 1 allows attacker to cause memory access fault.
The patch adds proper boundary check logic to prevent out-of-bound access.


SVE-2022-2338(CVE-2023-21429): Implicit intent hijacking vulnerability in ePDG

Severity: Moderate
Affected versions: Q(10), R(11), S(12), T(13)
Reported on: September 20, 2022
Disclosure status: Privately disclosed
Improper usage of implicit intent in ePDG prior to SMR Jan-2023 Release 1 allows attacker to access SSID.
The patch change the implicit intent to explicit intent.


SVE-2022-2320(CVE-2023-21428): Improper input validation vulnerability in TelephonyUI

Severity: Moderate
Affected versions: R(11), S(12), T(13)
Reported on: September 19, 2022
Disclosure status: Privately disclosed
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.
The patch removes unused code.


SVE-2022-2280(CVE-2023-21427): Improper access control vulnerabilities in NfcTile

Severity: Moderate
Affected versions: R(11), S(12), T(13)
Reported on: September 15, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
The patch adds proper permission in NfcTile to prevent unauthorized access.


SVE-2022-2278(CVE-2023-21426): Hardcoded encryption key vulnerability in NFC

Severity: Moderate
Affected versions: Select Q(10) devices
Reported on: September 15, 2022
Disclosure status: Privately disclosed
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
The patch adds proper usage of random private key api to prevent key exposure.


SVE-2022-2261(CVE-2023-21425): Improper access control vulnerability in telecom application

Severity: Moderate
Affected versions: Q(10), R(11), S(12), T(13)
Reported on: September 15, 2022
Disclosure status: Privately disclosed
Improper access control vulnerability in telecom application prior to SMR Jan-2023 Release 1 allows local attackers to get sensitive information.
The patch adds proper access control logic to prevent sensitive information leakage.


SVE-2022-2118(CVE-2023-21424): Improper Authorization vulnerability in SemChameleonHelper

Severity: Moderate
Affected versions: R(11), S(12), T(13)
Reported on: September 3, 2022
Disclosure status: Privately disclosed
Improper handling of insufficient permissions or privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
The patch restricts privilege of the app that calls SemChameleonHelper in Telephony.


SVE-2022-1967(CVE-2023-21423): Improper authorization vulnerability in ChnFileShareKit

Severity: Moderate
Affected versions: S(12), T(13)
Reported on: August 17, 2022
Disclosure status: Privately disclosed
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
The patch adds proper permission.


SVE-2022-1931(CVE-2023-21422): Improper authorization vulnerability in WifiSevice

Severity: Moderate
Affected versions: R(11), S(12)
Reported on: August 14, 2022
Disclosure status: Privately disclosed
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
The patch adds permission check logic when call the service API.


SVE-2022-1672(CVE-2023-21421): Improper Handling of Insufficient Permissions or Privileges vulnerability in Knox Service

Severity: Moderate
Affected versions: Q(10), R(11), S(12), T(13)
Reported on: July 14, 2022
Disclosure status: Privately disclosed
Improper handling of insufficient permissions or privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
The patch adds proper signature check in KnoxCustomManagerService to prevent unauthorized access.


SVE-2022-1364(CVE-2023-21420): Use of Externally-Controlled Format String vulnerabilities in STST TA

Severity: High
Affected versions: Q(10), R(11) devices with Teegris
Reported on: June 3, 2022
Disclosure status: Privately disclosed
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
The patch restricts the triggering for the print of externally controlled format string code.


SVE-2022-0471(CVE-2023-21419): A vulnerability in Secure Folder

Severity: Moderate
Affected versions: S(12)
Reported on: February 28, 2022
Disclosure status: Privately disclosed
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
The patch adds restriction that lock the SecureFolder container when PIP is closed.


Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements
dg: SVE-2022-2537
Oversecured (oversecured.com): SVE-2022-2338, SVE-2022-2320, SVE-2022-2280, SVE-2022-2278, SVE-2022-2261, SVE-2022-2118, SVE-2022-1931, SVE-2022-1672
Stealth Assassin: SVE-2022-1967
Thalium: SVE-2022-1364
Vijay Vignesh Baskaran: SVE-2022-0471