Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile accumulates 1,316 catalogued CVEs, 13 of which are confirmed as actively exploited in the CISA KEV, a rate 2.2 times above the overall catalogue average, which indicates significant operational exposure and calls for priority attention in patch management. The most frequent flaw type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed actively exploited flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE ID | Severity | EPSS | Description
CVE-2022-36842 | MEDIUM | 0.1% | A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-202
CVE-2025-21040 | MEDIUM | 0.1% | Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerar
CVE-2025-58484 | MEDIUM | 0.1% | Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox.
CVE-2022-36862 | MEDIUM | 0.1% | A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Se
CVE-2022-36855 | MEDIUM | 0.1% | A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
CVE-2022-36858 | MEDIUM | 0.1% | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to
CVE-2025-21028 | MEDIUM | 0.1% | Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.
CVE-2025-21026 | MEDIUM | 0.1% | Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.
CVE-2022-25820 | MEDIUM | 0.1% | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attac
CVE-2021-25500 | HIGH | 0.1% | A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
CVE-2023-21441 | HIGH | 0.1% | Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(
CVE-2021-25472 | MEDIUM | 0.1% | An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwr
CVE-2025-58485 | MEDIUM | 0.1% | Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
CVE-2022-27832 | MEDIUM | 0.1% | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted
CVE-2022-23429 | MEDIUM | 0.1% | An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to appl
CVE-2026-21036 | MEDIUM | 0.1% | Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.
CVE-2022-23427 | LOW | 0.1% | PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media fi
CVE-2022-30729 | LOW | 0.1% | Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a ma
CVE-2022-39852 | HIGH | 0.1% | A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to
CVE-2022-33686 | LOW | 0.1% | Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.