CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22495
https://notcve.org/view.php?id=CVE-2021-22495
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021). Se detectó un problema en los dispositivos móviles de Samsung con versiones de software O(8.x), P(9.0), Q(10.0) y R(11.0) (chipsets Exynos). El controlador GPU de Mali permite un acceso fuera de límites y el reinicio del dispositivo. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-22494
https://notcve.org/view.php?id=CVE-2021-22494
An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021). Se detectó un problema en el escáner de huellas dactilares de los dispositivos móviles de Samsung Note20 con versiones de software Q(10.0). • https://security.samsungmobile.com/securityUpdate.smsb •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 1CVE-2020-35693
https://notcve.org/view.php?id=CVE-2020-35693
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5. • https://github.com/alwentiu/contact-tracing-research/blob/main/samsung.pdf •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-28341
https://notcve.org/view.php?id=CVE-2020-28341
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020). Se detectó un problema en los dispositivos móviles Samsung con versiones de software Q(10.0) (chipsets Exynos990). El chip S3K250AF Secure Element CC EAL 5+, permite a atacantes ejecutar código arbitrario y obtener información confidencial por medio de un desbordamiento del búfer. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-28343
https://notcve.org/view.php?id=CVE-2020-28343
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020). Se detectó un problema en los dispositivos móviles Samsung con versiones de software P(9.0) y Q(10.0) (chipsets Exynos 980, 9820, y 9830). El controlador de NPU permite a atacantes ejecutar código arbitrario debido a operaciones de lectura y escritura involuntarias en memoria. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-787: Out-of-bounds Write •