Security Vulnerabilities - CVEs Published In October 2023
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability.
This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-10-04
Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-10-04
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-10-04
Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant.
CVSS Score
5.1
EPSS Score
0.0
Published
2023-10-04
Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required.
CVSS Score
4.4
EPSS Score
0.001
Published
2023-10-04
Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.
CVSS Score
4.0
EPSS Score
0.001
Published
2023-10-04
An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-04
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
CVSS Score
8.5
EPSS Score
0.0
Published
2023-10-04
Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
CVSS Score
8.5
EPSS Score
0.001
Published
2023-10-04
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.
CVSS Score
6.7
EPSS Score
0.001
Published
2023-10-04