CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-21076
https://notcve.org/view.php?id=CVE-2018-21076
An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018). Se detectó un problema en dispositivos móviles Samsung con versión de software N(7.x) (chipsets Exynos8890/8895). Se presenta una divulgación de información (un desplazamiento de KASLR) en el Controlador Seguro por medio de un trustlet modificado. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2017-18690
https://notcve.org/view.php?id=CVE-2017-18690
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. There is a buffer overflow in the sensor hub. The Samsung ID is SVE-2016-7484 (January 2017). Se detectó un problema en dispositivos móviles Samsung con versiones de software KK(4.4), L(5.0 / 5.1), M(6.0) y N(7.0) (Exynos54xx, Exynos7420, Exynos8890 o Exynos8895). Se presenta un desbordamiento del búfer en el sensor hub. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2017-18692
https://notcve.org/view.php?id=CVE-2017-18692
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software. There is a race condition, with a resultant buffer overflow, in the sec_ts touchscreen sysfs interface. The Samsung ID is SVE-2016-7501 (January 2017). Se detectó un problema en dispositivos móviles Samsung con versiones de software M(6.0) y N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890 o Exynos8895). Se presenta una condición de carrera, con un desbordamiento del búfer resultante, en la interfaz sysfs de la pantalla táctil de sec_ts. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2019-20610
https://notcve.org/view.php?id=CVE-2019-20610
An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019). Se detectó un problema en dispositivos móviles Samsung con versiones de software N(7.X) y O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895 y 9810). Una vulnerabilidad de doble extracción en Trustlet permite una ejecución arbitraria de código TEE. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 0%CPEs: 13EXPL: 0CVE-2019-20607
https://notcve.org/view.php?id=CVE-2019-20607
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019). Se detectó un problema en dispositivos móviles Samsung con versiones de software N(7.x), O(8.x) y P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890 y Exynos8895). Un desbordamiento de pila (heap) en el keymaster Trustlet permite a atacantes escribir en la memoria TEE y lograr una ejecución de código arbitrario. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-787: Out-of-bounds Write •