Samsung: Security Vulnerabilities
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918.
CVSS Score
3.9
EPSS Score
0.001
Published
2023-03-28
An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124. Memory corruption can occur due to improper checking of the parameter length while parsing the fmtp attribute in the SDP (Session Description Protocol) module.
CVSS Score
8.6
EPSS Score
0.194
Published
2023-03-23
An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126. Memory corruption can occur due to improper checking of the number of properties while parsing the chatroom attribute in the SDP (Session Description Protocol) module.
CVSS Score
8.6
EPSS Score
0.194
Published
2023-03-23
An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute.
CVSS Score
8.6
EPSS Score
0.056
Published
2023-03-21
Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-03-16
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.
CVSS Score
4.1
EPSS Score
0.0
Published
2023-03-16
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.
CVSS Score
6.2
EPSS Score
0.001
Published
2023-03-16
Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.
CVSS Score
5.0
EPSS Score
0.001
Published
2023-03-16
Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.
CVSS Score
4.4
EPSS Score
0.0
Published
2023-03-16
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.
CVSS Score
4.0
EPSS Score
0.0
Published
2023-03-16