| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020). |
| An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019). |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019). |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019). |
| An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019). |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019). |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) devices (Exynos9810 chipsets) software. There is a use after free in the ion driver. The Samsung ID is SVE-2019-14837 (August 2019). |
| An issue was discovered on Samsung mobile devices with P(9.0) (Exynos 9820 chipsets) software. A Buffer overflow occurs when loading the UH Partition during Secure Boot. The Samsung ID is SVE-2019-14412 (August 2019). |
| An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. load_kernel has a buffer overflow via untrusted data. The Samsung ID is SVE-2019-14939 (September 2019). |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a Buffer Overflow in the Touch Screen Driver. The Samsung ID is SVE-2019-14990 (October 2019). |
| An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019). |
| An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 (October 2019). |
| On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. |
| On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic. |
| An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018). |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). |
| An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension (CE) is not used. The Samsung ID is SVE-2018-12761 (September 2018). |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in eCryptFS. The Samsung ID is SVE-2017-11857 (September 2018). |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018). |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018). |
