CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25490
https://notcve.org/view.php?id=CVE-2021-25490
06 Oct 2021 — A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process. Un ataque de degradación de keyblob en keymaster versiones anteriores a SMR Oct-2021 Release 1, permite a un atacante desencadenar una vulnerabilidad de reuso de IV con un proceso privilegiado • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-25489 – Samsung Mobile Devices Improper Input Validation Vulnerability
https://notcve.org/view.php?id=CVE-2021-25489
06 Oct 2021 — Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. Suponiendo que se obtenga el permiso de radio, una falta de comprobación de entrada en modem interface driver versiones anteriores a SMR Oct-2021 Release 1, resulta en un bug de cadena de formato que conlleva a un pánico del kernel Samsung mobile devices contain an improper input validation vulnerability within the modem interface drive... • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-25488
https://notcve.org/view.php?id=CVE-2021-25488
06 Oct 2021 — Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. Una falta de comprobación de límites de un búfer en la función recv_data() de modem interface driver versiones anteriores a SMR Oct-2021 Release 1, permite una lectura OOB • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-25487 – Samsung Mobile Devices Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2021-25487
06 Oct 2021 — Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. Una falta de comprobación de límites de un búfer en la función set_skb_priv() de modem interface driver versiones anteriores a SMR Oct-2021 Release 1, permite una lectura OOB y permite una ejecución de código arbitrario por desreferencia de un puntero de función no válido Samsung mobile devices... • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25486
https://notcve.org/view.php?id=CVE-2021-25486
06 Oct 2021 — Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log. Una vulnerabilidad de exposición de información en ipcdump versiones anteriores a SMR Oct-2021 Release 1, permite a un atacante detectar información del dispositivo por medio del análisis de paquetes en el registro • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-25485
https://notcve.org/view.php?id=CVE-2021-25485
06 Oct 2021 — Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket. Una vulnerabilidad de Salto de Ruta en FactoryAirCommnadManger versiones anteriores a SMR Oct-2021 Release 1, permite a atacantes escribir archivos como UID del sistema por medio de un socket remoto BT • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2021-25484
https://notcve.org/view.php?id=CVE-2021-25484
06 Oct 2021 — Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. Una autenticación inapropiada en InputManagerService versiones anteriores a SMR Oct-2021 Release 1, permite una monitorización del evento táctil • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25483
https://notcve.org/view.php?id=CVE-2021-25483
06 Oct 2021 — Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. Una falta de comprobación de límites de un búfer en livfivextractor library versiones anteriores a SMR Oct-2021 Release 1, permite una lectura OOB • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25482
https://notcve.org/view.php?id=CVE-2021-25482
06 Oct 2021 — SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. Unas vulnerabilidades de inyección SQL en CMFA framework anteriores a la versión SMR Oct-2021 Release 1, permiten que una aplicación no confiable sobrescribir determinada información de CMFA framework • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2021-25481
https://notcve.org/view.php?id=CVE-2021-25481
06 Oct 2021 — An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. Un manejo inapropiado de errores en Exynos CP booting driver versiones anteriores a SMR Oct-2021 Release 1, permite a atacantes locales omitir un protector de memoria seguro de la memoria de Exynos CP • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-754: Improper Check for Unusual or Exceptional Conditions •