
CVE-2021-39621
https://notcve.org/view.php?id=CVE-2021-39621
14 Jan 2022 — In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-185126319 En la función sendLegacyVoicemailNotification del archivo LegacyModeSmsHandler.java, se presenta una posible omisión de permisos debido a un Pending... • https://source.android.com/security/bulletin/2022-01-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2021-39618
https://notcve.org/view.php?id=CVE-2021-39618
14 Jan 2022 — In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-196855999 En múltiples métodos del archivo EuiccNotificationManager.java, se presenta una posible forma de instalar paquetes existente... • https://source.android.com/security/bulletin/2022-01-01 •

CVE-2022-22271
https://notcve.org/view.php?id=CVE-2022-22271
07 Jan 2022 — A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. Una falta de comprobación de entrada antes de la copia de memoria en TIMA trustlet versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes copiar datos de una memoria arbitraria • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-125: Out-of-bounds Read •

CVE-2022-22270
https://notcve.org/view.php?id=CVE-2022-22270
07 Jan 2022 — An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. Una vulnerabilidad de secuestro de Intención Implícita en Dialer versiones anteriores a SMR Jan-2022 Release 1, permite a las aplicaciones no privilegiadas acceder a información de los contactos • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-552: Files or Directories Accessible to External Parties •

CVE-2022-22269
https://notcve.org/view.php?id=CVE-2022-22269
07 Jan 2022 — Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. Mantener datos confidenciales en BluetoothSettingsProvider sin protección versiones anteriores a 1 de SMR Jan-2022 permite a las aplicaciones que no son confiable conseguir una dirección MAC local de Bluetooth • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •

CVE-2022-22267
https://notcve.org/view.php?id=CVE-2022-22267
07 Jan 2022 — Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. Una vulnerabilidad de secuestro de Intención Implícita en ActivityMetricsLogger versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes conseguir información de la aplicación en ejecución • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •

CVE-2022-22268
https://notcve.org/view.php?id=CVE-2022-22268
07 Jan 2022 — Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. Una implementación incorrecta de Knox Guard versiones anteriores a SMR Jan-2022 Release 1, permite a atacantes físicamente próximos desbloquear temporalmente Knox Guard por medio del modo Samsung DeX • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-285: Improper Authorization CWE-552: Files or Directories Accessible to External Parties •

CVE-2022-22266
https://notcve.org/view.php?id=CVE-2022-22266
07 Jan 2022 — (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. (Aplicable sólo a los modelos de China) WifiEvaluationService desprotegido en la aplicación TencentWifiSecurity versiones anteriores a 1 de SMR Jan-2022, permite a las aplicaciones que no son confiables conseguir información del WiFi sin el permiso apropiado • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-269: Improper Privilege Management •

CVE-2022-22265 – Samsung Mobile Devices Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2022-22265
07 Jan 2022 — An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. Una comprobación o administración inapropiada de condiciones excepcionales en el controlador de la NPU versiones anteriores a 1 de SMR Jan-2022, permite una escritura arbitraria en memoria y una ejecución de código Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1 • CWE-703: Improper Check or Handling of Exceptional Conditions •

CVE-2021-0674
https://notcve.org/view.php?id=CVE-2021-0674
17 Dec 2021 — In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. En el descodificador alac, se presenta una posible lectura fuera de límites debido a una comprobación de límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/December-2021 • CWE-125: Out-of-bounds Read •