Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited in the CISA KEV catalog, a rate 2.2 times above the overall catalog average, which indicates significant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed actively exploited flaws and a growing volume of new entries justifies short firmware update cycles in enterprise environments.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2022-25822 | MEDIUM | A use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | 0.1% |
| CVE-2026-21027 | MEDIUM | Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging f | 0.1% |
| CVE-2026-20992 | MEDIUM | Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of | 0.1% |
| CVE-2022-39905 | MEDIUM | Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive informati | 0.1% |
| CVE-2022-33732 | MEDIUM | Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC | 0.1% |
| CVE-2025-20979 | HIGH | Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code. | 0.1% |
| CVE-2026-20988 | MEDIUM | Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary | 0.1% |
| CVE-2022-39894 | MEDIUM | Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive | 0.1% |
| CVE-2022-39914 | MEDIUM | Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows lo | 0.1% |
| CVE-2022-39856 | MEDIUM | Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call inform | 0.1% |
| CVE-2022-39903 | MEDIUM | Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number. | 0.1% |
| CVE-2022-39885 | MEDIUM | Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacke | 0.1% |
| CVE-2022-39848 | MEDIUM | Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. | 0.1% |
| CVE-2022-39887 | MEDIUM | Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configur | 0.1% |
| CVE-2022-39895 | MEDIUM | Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group informatio | 0.1% |
| CVE-2022-39886 | MEDIUM | Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access | 0.1% |
| CVE-2022-39912 | MEDIUM | Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows | 0.1% |
| CVE-2022-39879 | MEDIUM | Improper authorization vulnerability in CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessi | 0.1% |
| CVE-2022-39850 | | Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration dat | 0.1% |
| CVE-2022-39849 | | Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data. | 0.1% |