CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20954
https://notcve.org/view.php?id=CVE-2025-20954
07 May 2025 — Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05 •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20953
https://notcve.org/view.php?id=CVE-2025-20953
07 May 2025 — Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05 •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20937
https://notcve.org/view.php?id=CVE-2025-20937
07 May 2025 — Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=05 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20952
https://notcve.org/view.php?id=CVE-2025-20952
09 Apr 2025 — Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20946
https://notcve.org/view.php?id=CVE-2025-20946
08 Apr 2025 — Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20939
https://notcve.org/view.php?id=CVE-2025-20939
08 Apr 2025 — Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20948
https://notcve.org/view.php?id=CVE-2025-20948
08 Apr 2025 — Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20947
https://notcve.org/view.php?id=CVE-2025-20947
08 Apr 2025 — Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20945
https://notcve.org/view.php?id=CVE-2025-20945
08 Apr 2025 — Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1CVE-2025-20944 – Samsung S24 MP3 Decoder Out-Of-Bounds Read
https://notcve.org/view.php?id=CVE-2025-20944
08 Apr 2025 — Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. There is an out-of-bounds read in the MP3 decoder in the Samsung S24. The function smp123d_joint_stereo_v1 indexes into several tables for decoding, and does not check that the index is valid, allowing the tables to be read out of bounds. It may be possible to use this bug to bypass ASLR, as loading an MP3 that exercises this bug displays observable differences in beh... • https://packetstorm.news/files/id/199582 •