mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25396 | Med | 0.44 | 6.7 | 0.00 | Jun 11, 2021 | An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. | ||
| CVE-2021-25363 | Med | 0.44 | 6.8 | 0.00 | Apr 9, 2021 | An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. | ||
| CVE-2021-25362 | Med | 0.44 | 6.8 | 0.00 | Apr 9, 2021 | An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. | ||
| CVE-2021-27901 | Med | 0.44 | 6.8 | 0.00 | Mar 2, 2021 | An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021). | ||
| CVE-2020-25280 | Med | 0.44 | 6.8 | 0.00 | Sep 11, 2020 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). | ||
| CVE-2019-20785 | Med | 0.44 | 6.8 | 0.00 | Apr 17, 2020 | An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019). | ||
| CVE-2018-21061 | Med | 0.44 | 6.8 | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018). | ||
| CVE-2019-20594 | Med | 0.44 | 6.8 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019). | ||
| CVE-2020-10839 | Med | 0.44 | 6.8 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020). | ||
| CVE-2024-20819 | Med | 0.43 | 6.6 | 0.00 | Feb 6, 2024 | Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | ||
| CVE-2024-20818 | Med | 0.43 | 6.6 | 0.00 | Feb 6, 2024 | Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | ||
| CVE-2024-20817 | Med | 0.43 | 6.6 | 0.00 | Feb 6, 2024 | Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | ||
| CVE-2023-42564 | Med | 0.43 | 6.6 | 0.00 | Dec 5, 2023 | Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege. | ||
| CVE-2023-42533 | Med | 0.43 | 6.6 | 0.00 | Nov 7, 2023 | Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel. | ||
| CVE-2022-27822 | Med | 0.43 | 6.6 | 0.00 | Apr 11, 2022 | Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. | ||
| CVE-2021-25393 | Med | 0.43 | 6.6 | 0.00 | Jun 11, 2021 | Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. | ||
| CVE-2022-39902 | Med | 0.42 | 6.5 | 0.01 | Dec 8, 2022 | Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. | ||
| CVE-2022-39901 | Med | 0.42 | 6.5 | 0.00 | Dec 8, 2022 | Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. | ||
| CVE-2022-39854 | Med | 0.42 | 6.4 | 0.00 | Oct 7, 2022 | Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. | ||
| CVE-2022-25818 | Med | 0.42 | 6.5 | 0.00 | Mar 10, 2022 | Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. |
- risk 0.44cvss 6.7epss 0.00
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.
- risk 0.44cvss 6.8epss 0.00
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.
- risk 0.44cvss 6.8epss 0.00
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.
- risk 0.44cvss 6.8epss 0.00
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).
- risk 0.44cvss 6.8epss 0.00
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020).
- risk 0.44cvss 6.8epss 0.00
An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019).
- risk 0.44cvss 6.8epss 0.00
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018).
- risk 0.44cvss 6.8epss 0.00
An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019).
- risk 0.44cvss 6.8epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020).
- risk 0.43cvss 6.6epss 0.00
Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
- risk 0.43cvss 6.6epss 0.00
Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
- risk 0.43cvss 6.6epss 0.00
Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
- risk 0.43cvss 6.6epss 0.00
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.
- risk 0.43cvss 6.6epss 0.00
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.
- risk 0.43cvss 6.6epss 0.00
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.
- risk 0.43cvss 6.6epss 0.00
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
- risk 0.42cvss 6.5epss 0.01
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call.
- risk 0.42cvss 6.5epss 0.00
Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.
- risk 0.42cvss 6.4epss 0.00
Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
- risk 0.42cvss 6.5epss 0.00
Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.
Page 13 of 46