CVE-2023-21497
https://notcve.org/view.php?id=CVE-2023-21497
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-134: Use of Externally-Controlled Format String •
CVE-2023-21502
https://notcve.org/view.php?id=CVE-2023-21502
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-20: Improper Input Validation •
CVE-2023-21500
https://notcve.org/view.php?id=CVE-2023-21500
Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-415: Double Free •
CVE-2023-21503
https://notcve.org/view.php?id=CVE-2023-21503
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2023-21489
https://notcve.org/view.php?id=CVE-2023-21489
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-787: Out-of-bounds Write •