CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2023-41111
https://notcve.org/view.php?id=CVE-2023-41111
08 Nov 2023 — An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. Se descubrió un problema en Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 98... • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2023-41112
https://notcve.org/view.php?id=CVE-2023-41112
08 Nov 2023 — An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. Se descubrió un problema en Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 9... • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2023-37368
https://notcve.org/view.php?id=CVE-2023-37368
08 Sep 2023 — An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet. Se descub... • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2023-36481
https://notcve.org/view.php?id=CVE-2023-36481
28 Aug 2023 — An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop. • https://semiconductor.samsung.com/support/quality-support/product-security-updates • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-25415
https://notcve.org/view.php?id=CVE-2021-25415
11 Jun 2021 — Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. Asumiendo que EL1 esté comprometido, una comprobación de direcciones inapropiada en RKP versiones anteriores a SMR JUN-2021 Release 1, permite a atacantes locales reasignar la memoria del EL2 como escribible • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-25416
https://notcve.org/view.php?id=CVE-2021-25416
11 Jun 2021 — Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. Asumiendo que EL1 esté comprometido, una comprobación de direcciones inapropiada en RKP anterior a la versión SMR JUN-2021 Release 1 permite a atacantes locales crear una página del kernel ejecutable fuera del área de código • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-25411
https://notcve.org/view.php?id=CVE-2021-25411
11 Jun 2021 — Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. Una vulnerabilidad de comprobación de direcciones inapropiada en RKP api versiones anteriores a SMR JUN-2021 Release 1, permite a atacantes locales privilegiados de root escribir en la memoria del kernel de sólo lectura • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-21043
https://notcve.org/view.php?id=CVE-2018-21043
08 Apr 2020 — An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018). Se detectó un problema en dispositivos móviles Samsung con versiones de software O(8.x) y P(9.0) (chipsets Exynos 9810). Se presenta una divulgación de información sobre un puntero de kernel en el controlador g2d_drv debido al registro. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-21040
https://notcve.org/view.php?id=CVE-2018-21040
08 Apr 2020 — An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018). Se detectó un problema en dispositivos móviles Samsung con versiones de software O(8.x) y P(9.0) (chipsets Exynos 9810). Se presenta una condición de carrera con un uso de la memoria previamente liberada resultante en el controlador g2d. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2019-20610
https://notcve.org/view.php?id=CVE-2019-20610
24 Mar 2020 — An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019). Se detectó un problema en dispositivos móviles Samsung con versiones de software N(7.X) y O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895 y 9810). Una vulnerabilidad de doble extracción en Trustlet permite una ejecución arbitraria de códig... • https://security.samsungmobile.com/securityUpdate.smsb • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •