CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20888
https://notcve.org/view.php?id=CVE-2025-20888
04 Feb 2025 — Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20887
https://notcve.org/view.php?id=CVE-2025-20887
04 Feb 2025 — Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20886
https://notcve.org/view.php?id=CVE-2025-20886
04 Feb 2025 — Inclusion of sensitive information in test code in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20885
https://notcve.org/view.php?id=CVE-2025-20885
04 Feb 2025 — Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20884
https://notcve.org/view.php?id=CVE-2025-20884
04 Feb 2025 — Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20883
https://notcve.org/view.php?id=CVE-2025-20883
04 Feb 2025 — Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20882
https://notcve.org/view.php?id=CVE-2025-20882
04 Feb 2025 — Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20881
https://notcve.org/view.php?id=CVE-2025-20881
04 Feb 2025 — Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. • https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=01 •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49422
https://notcve.org/view.php?id=CVE-2024-49422
31 Dec 2024 — Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability. Un fallo en el mecanismo de protección del cargador de arranque anterior a la versión 1 de SMR de octubre de 2024 permite a los atacantes físicos restablecer el recuento de fallos de la pantalla de bloqueo mediante la inyección de un fallo de hardware. Se requiere la interacción del ... • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-49415 – Samsung S24 APE Decoder Out-Of-Bounds Write
https://notcve.org/view.php?id=CVE-2024-49415
03 Dec 2024 — Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. La escritura fuera de los límites en libsaped.so anterior a SMR Dec-2024 Release 1 permite a atacantes remotos ejecutar código arbitrario. There is an out-of-bounds write in the Monkey's Audio (APE) decoder on the Samsung S24. The function saped_rec in libsaped.so writes to a dmabuf allocated by the C2 media service, which always appears to have size 0x120000. While the maximum blocksperframe... • https://packetstorm.news/files/id/183463 •