Search criteria
502 vulnerabilities
CVE-2026-20987 (GCVE-0-2026-20987)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-04 16:58
VLAI?
Summary
Improper input validation in GalaxyDiagnostics prior to version 3.5.050 allows local privileged attackers to execute privileged commands.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | GalaxyDiagnostics |
Unaffected:
3.5.050
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20987",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:58:43.040550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:58:49.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GalaxyDiagnostics",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "3.5.050"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in GalaxyDiagnostics prior to version 3.5.050 allows local privileged attackers to execute privileged commands."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284: Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:50.618Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20987",
"datePublished": "2026-02-04T06:14:50.618Z",
"dateReserved": "2025-12-11T01:33:35.800Z",
"dateUpdated": "2026-02-04T16:58:49.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20986 (GCVE-0-2026-20986)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-04 16:58
VLAI?
Summary
Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Chinese Samsung Members |
Unaffected:
15.5.05.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:58:23.254078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:58:28.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Chinese Samsung Members",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "15.5.05.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:49.397Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20986",
"datePublished": "2026-02-04T06:14:49.397Z",
"dateReserved": "2025-12-11T01:33:35.800Z",
"dateUpdated": "2026-02-04T16:58:28.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20985 (GCVE-0-2026-20985)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-04 16:58
VLAI?
Summary
Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Members |
Unaffected:
5.6.00.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:57:58.254118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:58:05.810Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Members",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "5.6.00.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:48.243Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20985",
"datePublished": "2026-02-04T06:14:48.243Z",
"dateReserved": "2025-12-11T01:33:35.800Z",
"dateUpdated": "2026-02-04T16:58:05.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20984 (GCVE-0-2026-20984)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-04 16:57
VLAI?
Summary
Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information.
Severity ?
CWE
- CWE-280 - Improper handling of insufficient permission
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Galaxy Wearable |
Unaffected:
2.2.68
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:57:32.382120Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:57:38.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Galaxy Wearable",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "2.2.68"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-280: Improper handling of insufficient permission",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:47.058Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20984",
"datePublished": "2026-02-04T06:14:47.058Z",
"dateReserved": "2025-12-11T01:33:35.799Z",
"dateUpdated": "2026-02-04T16:57:38.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20983 (GCVE-0-2026-20983)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-05 04:55
VLAI?
Summary
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.
Severity ?
CWE
- CWE-926 - Improper Export of Android Application Components
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Feb-2026 Release in Android 13, 14, 15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-05T04:55:16.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Feb-2026 Release in Android 13, 14, 15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-926: Improper Export of Android Application Components",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:45.725Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20983",
"datePublished": "2026-02-04T06:14:45.725Z",
"dateReserved": "2025-12-11T01:33:35.799Z",
"dateUpdated": "2026-02-05T04:55:16.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20982 (GCVE-0-2026-20982)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-04 16:56
VLAI?
Summary
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.
Severity ?
CWE
- CWE-35 - Path Traversal
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Feb-2026 Release in Android 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:56:45.876514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:56:51.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Feb-2026 Release in Android 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-35: Path Traversal",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:44.359Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20982",
"datePublished": "2026-02-04T06:14:44.359Z",
"dateReserved": "2025-12-11T01:33:35.799Z",
"dateUpdated": "2026-02-04T16:56:51.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20981 (GCVE-0-2026-20981)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-04 16:56
VLAI?
Summary
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Feb-2026 Release in Android 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:56:22.515783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:56:29.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Feb-2026 Release in Android 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:43.177Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20981",
"datePublished": "2026-02-04T06:14:43.177Z",
"dateReserved": "2025-12-11T01:33:35.799Z",
"dateUpdated": "2026-02-04T16:56:29.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20980 (GCVE-0-2026-20980)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-04 16:56
VLAI?
Summary
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Feb-2026 Release in Android 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:55:58.268246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:56:04.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Feb-2026 Release in Android 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:41.437Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20980",
"datePublished": "2026-02-04T06:14:41.437Z",
"dateReserved": "2025-12-11T01:33:35.799Z",
"dateUpdated": "2026-02-04T16:56:04.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20979 (GCVE-0-2026-20979)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-06 04:55
VLAI?
Summary
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Feb-2026 Release in Android 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T04:55:19.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Feb-2026 Release in Android 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-269 Impoper Privilege Management",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:40.116Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20979",
"datePublished": "2026-02-04T06:14:40.116Z",
"dateReserved": "2025-12-11T01:33:35.799Z",
"dateUpdated": "2026-02-06T04:55:19.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20978 (GCVE-0-2026-20978)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-04 16:55
VLAI?
Summary
Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Feb-2026 Release in Android 13, 14, 15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:54:58.485951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:55:05.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Feb-2026 Release in Android 13, 14, 15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-269 Impoper Privilege Management",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:38.682Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20978",
"datePublished": "2026-02-04T06:14:38.682Z",
"dateReserved": "2025-12-11T01:33:35.799Z",
"dateUpdated": "2026-02-04T16:55:05.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20977 (GCVE-0-2026-20977)
Vulnerability from cvelistv5 – Published: 2026-02-04 06:14 – Updated: 2026-02-04 16:54
VLAI?
Summary
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Feb-2026 Release in Android 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T16:54:28.321530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T16:54:35.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Feb-2026 Release in Android 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284: Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T06:14:37.454Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=02"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20977",
"datePublished": "2026-02-04T06:14:37.454Z",
"dateReserved": "2025-12-11T01:33:35.799Z",
"dateUpdated": "2026-02-04T16:54:35.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20976 (GCVE-0-2026-20976)
Vulnerability from cvelistv5 – Published: 2026-01-09 06:17 – Updated: 2026-01-09 19:10
VLAI?
Summary
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Galaxy Store |
Unaffected:
4.6.02
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T19:08:14.243909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T19:10:00.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Galaxy Store",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.6.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T06:17:10.980Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20976",
"datePublished": "2026-01-09T06:17:10.980Z",
"dateReserved": "2025-12-11T01:33:35.799Z",
"dateUpdated": "2026-01-09T19:10:00.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20975 (GCVE-0-2026-20975)
Vulnerability from cvelistv5 – Published: 2026-01-09 06:16 – Updated: 2026-01-09 19:09
VLAI?
Summary
Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.
Severity ?
CWE
- CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Cloud |
Unaffected:
5.6.11
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T19:08:19.535784Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T19:09:53.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Cloud",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "5.6.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T06:16:59.823Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2026\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20975",
"datePublished": "2026-01-09T06:16:59.823Z",
"dateReserved": "2025-12-11T01:33:35.798Z",
"dateUpdated": "2026-01-09T19:09:53.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20974 (GCVE-0-2026-20974)
Vulnerability from cvelistv5 – Published: 2026-01-09 06:16 – Updated: 2026-01-09 19:09
VLAI?
Summary
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2026 Release in Selected Android 13, 14, 15, 16 devices
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T19:08:28.349348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T19:09:42.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2026 Release in Selected Android 13, 14, 15, 16 devices"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T06:16:48.700Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20974",
"datePublished": "2026-01-09T06:16:48.700Z",
"dateReserved": "2025-12-11T01:33:35.798Z",
"dateUpdated": "2026-01-09T19:09:42.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20973 (GCVE-0-2026-20973)
Vulnerability from cvelistv5 – Published: 2026-01-09 06:16 – Updated: 2026-01-09 19:09
VLAI?
Summary
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2026 Release in Android 13, 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T19:08:45.534712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T19:09:34.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2026 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T06:16:37.517Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20973",
"datePublished": "2026-01-09T06:16:37.517Z",
"dateReserved": "2025-12-11T01:33:35.798Z",
"dateUpdated": "2026-01-09T19:09:34.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20972 (GCVE-0-2026-20972)
Vulnerability from cvelistv5 – Published: 2026-01-09 06:16 – Updated: 2026-01-09 19:18
VLAI?
Summary
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
Severity ?
CWE
- CWE-926 - Improper Export of Android Application Components
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2026 Release in Android 13, 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T19:14:34.943731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T19:18:11.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2026 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-926 : Improper Export of Android Application Components",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T06:16:26.298Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20972",
"datePublished": "2026-01-09T06:16:26.298Z",
"dateReserved": "2025-12-11T01:33:35.798Z",
"dateUpdated": "2026-01-09T19:18:11.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20971 (GCVE-0-2026-20971)
Vulnerability from cvelistv5 – Published: 2026-01-09 06:16 – Updated: 2026-01-10 04:55
VLAI?
Summary
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2026 Release in Android 13, 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T04:55:50.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2026 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-416 Use After Free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T06:16:15.202Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20971",
"datePublished": "2026-01-09T06:16:15.202Z",
"dateReserved": "2025-12-11T01:33:35.798Z",
"dateUpdated": "2026-01-10T04:55:50.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20970 (GCVE-0-2026-20970)
Vulnerability from cvelistv5 – Published: 2026-01-09 06:16 – Updated: 2026-01-10 04:55
VLAI?
Summary
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2026 Release in Android 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T04:55:49.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2026 Release in Android 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284: Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T06:16:03.983Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20970",
"datePublished": "2026-01-09T06:16:03.983Z",
"dateReserved": "2025-12-11T01:33:35.798Z",
"dateUpdated": "2026-01-10T04:55:49.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20969 (GCVE-0-2026-20969)
Vulnerability from cvelistv5 – Published: 2026-01-09 06:15 – Updated: 2026-01-09 19:18
VLAI?
Summary
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2026 Release in Selected Android 13, 14, 15, 16 devices
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T19:14:43.182761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T19:18:02.710Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2026 Release in Selected Android 13, 14, 15, 16 devices"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T06:15:52.859Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20969",
"datePublished": "2026-01-09T06:15:52.859Z",
"dateReserved": "2025-12-11T01:33:35.798Z",
"dateUpdated": "2026-01-09T19:18:02.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20968 (GCVE-0-2026-20968)
Vulnerability from cvelistv5 – Published: 2026-01-09 06:15 – Updated: 2026-01-10 04:55
VLAI?
Summary
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2026 Release in Android 13, 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T04:55:52.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2026 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-416: Use After Free",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T06:15:41.575Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2026\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2026-20968",
"datePublished": "2026-01-09T06:15:41.575Z",
"dateReserved": "2025-12-11T01:33:35.797Z",
"dateUpdated": "2026-01-10T04:55:52.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58488 (GCVE-0-2025-58488)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:55
VLAI?
Summary
Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability.
Severity ?
4.5 (Medium)
CWE
- CWE-940 - Improper Verification of Source of a Communication Channel
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | SmartTouchCall |
Unaffected:
1.0.1.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:40.964944Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:55:39.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SmartTouchCall",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.0.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-940: Improper Verification of Source of a Communication Channel",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:35.134Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58488",
"datePublished": "2025-12-02T01:24:35.134Z",
"dateReserved": "2025-09-03T06:13:48.469Z",
"dateUpdated": "2025-12-02T16:55:39.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58487 (GCVE-0-2025-58487)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:55
VLAI?
Summary
Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
Severity ?
4 (Medium)
CWE
- CWE-285 - Improper Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Account |
Unaffected:
15.5.01.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:43.649227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:55:48.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Account",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "15.5.01.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-285: Improper Authorization",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:33.938Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58487",
"datePublished": "2025-12-02T01:24:33.938Z",
"dateReserved": "2025-09-03T06:13:48.469Z",
"dateUpdated": "2025-12-02T16:55:48.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58486 (GCVE-0-2025-58486)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:55
VLAI?
Summary
Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
Severity ?
4 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Account |
Unaffected:
15.5.01.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58486",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:45.984575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:55:55.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Account",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "15.5.01.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:32.755Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58486",
"datePublished": "2025-12-02T01:24:32.755Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:55:55.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58485 (GCVE-0-2025-58485)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:56
VLAI?
Summary
Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
Severity ?
5.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Internet |
Unaffected:
29.0.0.48
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:48.323019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:04.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Internet",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "29.0.0.48"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:31.599Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58485",
"datePublished": "2025-12-02T01:24:31.599Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:04.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58484 (GCVE-0-2025-58484)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:56
VLAI?
Summary
Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox.
Severity ?
4 (Medium)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Cloud Assistant |
Unaffected:
8.0.03.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:50.495731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:12.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Cloud Assistant",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "8.0.03.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:30.475Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58484",
"datePublished": "2025-12-02T01:24:30.475Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:12.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58483 (GCVE-0-2025-58483)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:56
VLAI?
Summary
Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
Severity ?
5.9 (Medium)
CWE
- CWE-926 - Improper Export of Android Application Components
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Galaxy Store for Galaxy Watch |
Unaffected:
1.0.06.29
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:52.950736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:19.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Galaxy Store for Galaxy Watch",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "1.0.06.29"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-926: Improper Export of Android Application Components",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:29.344Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58483",
"datePublished": "2025-12-02T01:24:29.344Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:19.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58482 (GCVE-0-2025-58482)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-03 04:55
VLAI?
Summary
Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
Severity ?
7.3 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | MotionPhoto |
Unaffected:
4.1.51
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T04:55:36.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MotionPhoto",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.1.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:28.117Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58482",
"datePublished": "2025-12-02T01:24:28.117Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-03T04:55:36.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58481 (GCVE-0-2025-58481)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-03 04:55
VLAI?
Summary
Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
Severity ?
7.3 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | MotionPhoto |
Unaffected:
4.1.51
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T04:55:37.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MotionPhoto",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "4.1.51"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:26.944Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58481",
"datePublished": "2025-12-02T01:24:26.944Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-03T04:55:37.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58480 (GCVE-0-2025-58480)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:56
VLAI?
Summary
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Severity ?
4.3 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Dec-2025 Release in Android 13, 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:55.323216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:41.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:25.777Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58480",
"datePublished": "2025-12-02T01:24:25.777Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:41.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58479 (GCVE-0-2025-58479)
Vulnerability from cvelistv5 – Published: 2025-12-02 01:24 – Updated: 2025-12-02 16:56
VLAI?
Summary
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
Severity ?
4.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Dec-2025 Release in Android 13, 14, 15, 16
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T16:50:57.618509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T16:56:48.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Dec-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T01:24:24.635Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-58479",
"datePublished": "2025-12-02T01:24:24.635Z",
"dateReserved": "2025-09-03T06:13:48.468Z",
"dateUpdated": "2025-12-02T16:56:48.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}