Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4964 | 0.01 | — | 0.08 | Nov 28, 2012 | The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. | |||
| CVE-2026-21005 | 0.00 | — | 0.00 | Mar 16, 2026 | Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege. | |||
| CVE-2026-21004 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | |||
| CVE-2026-20999 | 0.00 | — | 0.00 | Mar 16, 2026 | Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. | |||
| CVE-2026-20998 | 0.00 | — | 0.01 | Mar 16, 2026 | Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | |||
| CVE-2026-20997 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | |||
| CVE-2026-20996 | 0.00 | — | 0.00 | Mar 16, 2026 | Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | |||
| CVE-2026-20995 | 0.00 | — | 0.00 | Mar 16, 2026 | Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration. | |||
| CVE-2026-20992 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application. | |||
| CVE-2026-20991 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. | |||
| CVE-2026-20990 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. | |||
| CVE-2026-20989 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font. | |||
| CVE-2026-20988 | 0.00 | — | 0.00 | Mar 16, 2026 | Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-62814 | 0.00 | — | 0.00 | Mar 3, 2026 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service. | |||
| CVE-2025-66363 | 0.00 | — | 0.00 | Mar 3, 2026 | An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. | |||
| CVE-2025-62816 | 0.00 | — | 0.00 | Mar 3, 2026 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service. | |||
| CVE-2025-62817 | 0.00 | — | 0.00 | Mar 3, 2026 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service. | |||
| CVE-2026-20986 | 0.00 | — | 0.00 | Feb 4, 2026 | Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members. | |||
| CVE-2026-20985 | 0.00 | — | 0.00 | Feb 4, 2026 | Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2026-20983 | 0.00 | — | 0.00 | Feb 4, 2026 | Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege. | |||
| CVE-2026-20982 | 0.00 | — | 0.00 | Feb 4, 2026 | Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege. | |||
| CVE-2026-20981 | 0.00 | — | 0.00 | Feb 4, 2026 | Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege. | |||
| CVE-2026-20980 | 0.00 | — | 0.00 | Feb 4, 2026 | Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands. | |||
| CVE-2026-20979 | 0.00 | — | 0.00 | Feb 4, 2026 | Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege. | |||
| CVE-2026-20978 | 0.00 | — | 0.00 | Feb 4, 2026 | Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application. | |||
| CVE-2026-20977 | 0.00 | — | 0.00 | Feb 4, 2026 | Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning. | |||
| CVE-2025-58341 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write… | |||
| CVE-2025-58340 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation,… | |||
| CVE-2025-58347 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/p2p_certif write operation,… | |||
| CVE-2025-58344 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_event_burst_to_us write operation,… | |||
| CVE-2025-58343 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/create_tspec write… | |||
| CVE-2025-58348 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/confg_tspec write operation,… | |||
| CVE-2025-58345 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_certif_11ax_mode write… | |||
| CVE-2025-58342 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation,… | |||
| CVE-2025-59439 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional… | |||
| CVE-2025-58346 | 0.00 | — | 0.00 | Feb 3, 2026 | An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_addts write operation,… | |||
| CVE-2026-25202 | 0.00 | — | 0.00 | Feb 2, 2026 | The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1. | |||
| CVE-2026-25201 | 0.00 | — | 0.00 | Feb 2, 2026 | An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1. | |||
| CVE-2026-25200 | 0.00 | — | 0.00 | Feb 2, 2026 | A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1. | |||
| CVE-2025-71143 | 0.00 | — | 0.00 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with… | |||
| CVE-2026-20976 | 0.00 | — | 0.00 | Jan 9, 2026 | Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script. | |||
| CVE-2026-20975 | 0.00 | — | 0.00 | Jan 9, 2026 | Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path. | |||
| CVE-2026-20974 | 0.00 | — | 0.00 | Jan 9, 2026 | Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock. | |||
| CVE-2026-20973 | 0.00 | — | 0.00 | Jan 9, 2026 | Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory. | |||
| CVE-2026-20972 | 0.00 | — | 0.00 | Jan 9, 2026 | Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. | |||
| CVE-2026-20971 | 0.00 | — | 0.00 | Jan 9, 2026 | Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code. | |||
| CVE-2026-20970 | 0.00 | — | 0.00 | Jan 9, 2026 | Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs. | |||
| CVE-2026-20969 | 0.00 | — | 0.00 | Jan 9, 2026 | Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2026-20968 | 0.00 | — | 0.00 | Jan 9, 2026 | Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code. | |||
| CVE-2025-52519 | 0.00 | — | 0.00 | Jan 5, 2026 | An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service. |
- CVE-2012-4964Nov 28, 2012risk 0.01cvss —epss 0.08
The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request.
- CVE-2026-21005Mar 16, 2026risk 0.00cvss —epss 0.00
Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege.
- CVE-2026-21004Mar 16, 2026risk 0.00cvss —epss 0.00
Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service.
- CVE-2026-20999Mar 16, 2026risk 0.00cvss —epss 0.00
Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions.
- CVE-2026-20998Mar 16, 2026risk 0.00cvss —epss 0.01
Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication.
- CVE-2026-20997Mar 16, 2026risk 0.00cvss —epss 0.00
Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication.
- CVE-2026-20996Mar 16, 2026risk 0.00cvss —epss 0.00
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication.
- CVE-2026-20995Mar 16, 2026risk 0.00cvss —epss 0.00
Exposure of sensitive functionality to an unauthorized actor in Smart Switch prior to version 3.7.69.15 allows remote attackers to set a specific configuration.
- CVE-2026-20992Mar 16, 2026risk 0.00cvss —epss 0.00
Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.
- CVE-2026-20991Mar 16, 2026risk 0.00cvss —epss 0.00
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.
- CVE-2026-20990Mar 16, 2026risk 0.00cvss —epss 0.00
Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.
- CVE-2026-20989Mar 16, 2026risk 0.00cvss —epss 0.00
Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.
- CVE-2026-20988Mar 16, 2026risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.
- CVE-2025-62814Mar 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.
- CVE-2025-66363Mar 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.
- CVE-2025-62816Mar 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service.
- CVE-2025-62817Mar 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service.
- CVE-2026-20986Feb 4, 2026risk 0.00cvss —epss 0.00
Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members.
- CVE-2026-20985Feb 4, 2026risk 0.00cvss —epss 0.00
Improper input validation in Samsung Members prior to version 5.6.00.11 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.
- CVE-2026-20983Feb 4, 2026risk 0.00cvss —epss 0.00
Improper export of android application components in Samsung Dialer prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Samsung Dialer privilege.
- CVE-2026-20982Feb 4, 2026risk 0.00cvss —epss 0.00
Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege.
- CVE-2026-20981Feb 4, 2026risk 0.00cvss —epss 0.00
Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege.
- CVE-2026-20980Feb 4, 2026risk 0.00cvss —epss 0.00
Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands.
- CVE-2026-20979Feb 4, 2026risk 0.00cvss —epss 0.00
Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege.
- CVE-2026-20978Feb 4, 2026risk 0.00cvss —epss 0.00
Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application.
- CVE-2026-20977Feb 4, 2026risk 0.00cvss —epss 0.00
Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.
- CVE-2025-58341Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_cert_disable_ht_vht write…
- CVE-2025-58340Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_delts write operation,…
- CVE-2025-58347Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/p2p_certif write operation,…
- CVE-2025-58344Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation in a /proc/driver/unifi0/conn_log_event_burst_to_us write operation,…
- CVE-2025-58343Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/create_tspec write…
- CVE-2025-58348Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/confg_tspec write operation,…
- CVE-2025-58345Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_certif_11ax_mode write…
- CVE-2025-58342Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/uapsd write operation,…
- CVE-2025-59439Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional…
- CVE-2025-58346Feb 3, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/send_addts write operation,…
- CVE-2026-25202Feb 2, 2026risk 0.00cvss —epss 0.00
The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1.
- CVE-2026-25201Feb 2, 2026risk 0.00cvss —epss 0.00
An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.
- CVE-2026-25200Feb 2, 2026risk 0.00cvss —epss 0.00
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1.
- CVE-2025-71143Jan 14, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with…
- CVE-2026-20976Jan 9, 2026risk 0.00cvss —epss 0.00
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
- CVE-2026-20975Jan 9, 2026risk 0.00cvss —epss 0.00
Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.
- CVE-2026-20974Jan 9, 2026risk 0.00cvss —epss 0.00
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
- CVE-2026-20973Jan 9, 2026risk 0.00cvss —epss 0.00
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
- CVE-2026-20972Jan 9, 2026risk 0.00cvss —epss 0.00
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
- CVE-2026-20971Jan 9, 2026risk 0.00cvss —epss 0.00
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
- CVE-2026-20970Jan 9, 2026risk 0.00cvss —epss 0.00
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
- CVE-2026-20969Jan 9, 2026risk 0.00cvss —epss 0.00
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
- CVE-2026-20968Jan 9, 2026risk 0.00cvss —epss 0.00
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
- CVE-2025-52519Jan 5, 2026risk 0.00cvss —epss 0.00
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service.
Page 8 of 45