SystemUI
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34595 | Hig | 0.51 | 7.8 | 0.00 | Jul 2, 2024 | Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. | ||
| CVE-2024-34585 | Hig | 0.51 | 7.8 | 0.00 | Jul 2, 2024 | Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. | ||
| CVE-2024-20891 | Hig | 0.51 | 7.8 | 0.00 | Jul 2, 2024 | Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. | ||
| CVE-2020-26604 | Hig | 0.49 | 7.5 | 0.00 | Oct 6, 2020 | An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020). | ||
| CVE-2016-9277 | Hig | 0.49 | 7.5 | 0.01 | Nov 11, 2016 | Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906. | ||
| CVE-2023-21458 | Med | 0.40 | 6.2 | 0.00 | Mar 16, 2023 | Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent. | ||
| CVE-2022-36861 | Med | 0.38 | 5.9 | 0.00 | Sep 9, 2022 | Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. | ||
| CVE-2021-25474 | Med | 0.29 | 4.4 | 0.00 | Oct 6, 2021 | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. | ||
| CVE-2021-25473 | Med | 0.29 | 4.4 | 0.00 | Oct 6, 2021 | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. | ||
| CVE-2025-21029 | Med | 0.26 | 4.0 | 0.00 | Sep 3, 2025 | Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display. | ||
| CVE-2024-34677 | Med | 0.26 | 4.0 | 0.00 | Nov 6, 2024 | Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate. | ||
| CVE-2015-6630 | 0.00 | — | 0.00 | Dec 8, 2015 | SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797. |
- risk 0.51cvss 7.8epss 0.00
Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
- risk 0.51cvss 7.8epss 0.00
Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
- risk 0.51cvss 7.8epss 0.00
Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
- risk 0.49cvss 7.5epss 0.00
An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020).
- risk 0.49cvss 7.5epss 0.01
Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906.
- risk 0.40cvss 6.2epss 0.00
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.
- risk 0.38cvss 5.9epss 0.00
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege.
- risk 0.29cvss 4.4epss 0.00
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
- risk 0.29cvss 4.4epss 0.00
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
- risk 0.26cvss 4.0epss 0.00
Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.
- risk 0.26cvss 4.0epss 0.00
Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
- CVE-2015-6630Dec 8, 2015risk 0.00cvss —epss 0.00
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797.