CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25356
https://notcve.org/view.php?id=CVE-2021-25356
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. Una vulnerabilidad de comprobación de llamada inapropiada en Managed Provisioning anterior a versión SMR APR-2021 Release 1, permite a una aplicación no privilegiada instalar una aplicación arbitraria, otorgar permiso de administrador al dispositivo y luego eliminar varias aplicaciones instaladas • https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1 https://security.samsungmobile.com https://security.samsungmobile.com/securityUpdate.smsb • CWE-20: Improper Input Validation CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2021-30162
https://notcve.org/view.php?id=CVE-2021-30162
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). Se detectó un problema en los dispositivos móviles de LG con software Android OS versiones 4.4 hasta 11. Los atacantes pueden aprovechar servicios ISMS para omitir el control de acceso en proveedores de contenido específicos. • https://lgsecurity.lge.com •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-25370 – Samsung Mobile Devices Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2021-25370
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. Un descriptor de archivo con manejo de implementación incorrecta en el controlador dpu versiones anteriores a SMR Mar-2021 Release 1, resulta en una corrupción de memoria que conlleva a un pánico del kernel. Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. • https://security.samsungmobile.com https://security.samsungmobile.com/securityUpdate.smsb • CWE-416: Use After Free •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25369 – Samsung Mobile Devices Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2021-25369
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. Una vulnerabilidad de control de acceso inapropiado en el archivo sec_log versiones anteriores a SMR MAR-2021 Release 1, expone información confidencial del kernel al espacio de usuario. Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. • https://security.samsungmobile.com https://security.samsungmobile.com/securityUpdate.smsb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-25351
https://notcve.org/view.php?id=CVE-2021-25351
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. Un control de acceso inapropiado en la función EmailValidationView en Samsung Account versiones anteriores a 10.7.0.7 y 12.1.1.3, permite a atacantes cercanos físicamente cerrar la sesión de la cuenta de usuario en el dispositivo sin contraseña de usuario • https://security.samsungmobile.com https://security.samsungmobile.com/serviceWeb.smsb • CWE-285: Improper Authorization •