Total
20 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25338 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2022-10-25 | 3.6 LOW | 5.2 MEDIUM |
Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | |||||
CVE-2021-25500 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2022-08-01 | 2.1 LOW | 4.4 MEDIUM |
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. | |||||
CVE-2021-25411 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2022-07-30 | 2.1 LOW | 4.4 MEDIUM |
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. | |||||
CVE-2022-27834 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2022-04-18 | 4.4 MEDIUM | 7.0 HIGH |
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. | |||||
CVE-2022-27833 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2022-04-18 | 4.6 MEDIUM | 7.8 HIGH |
Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. | |||||
CVE-2021-25467 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-10-14 | 7.2 HIGH | 6.7 MEDIUM |
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library. | |||||
CVE-2021-25475 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-10-13 | 7.2 HIGH | 6.7 MEDIUM |
A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | |||||
CVE-2021-25452 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-09-23 | 4.9 MEDIUM | 5.5 MEDIUM |
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. | |||||
CVE-2021-25457 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-09-22 | 2.1 LOW | 3.3 LOW |
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. | |||||
CVE-2021-25407 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2021-09-21 | 4.6 MEDIUM | 7.8 HIGH |
A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. | |||||
CVE-2020-25052 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020). | |||||
CVE-2021-25416 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2021-06-16 | 2.1 LOW | 6.5 MEDIUM |
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. | |||||
CVE-2021-25408 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2021-06-16 | 4.6 MEDIUM | 7.8 HIGH |
A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. | |||||
CVE-2021-25415 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2021-06-16 | 2.1 LOW | 5.5 MEDIUM |
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. | |||||
CVE-2021-25396 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2021-06-16 | 4.6 MEDIUM | 6.7 MEDIUM |
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. | |||||
CVE-2021-25371 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-04-01 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. | |||||
CVE-2021-25372 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-04-01 | 7.2 HIGH | 6.7 MEDIUM |
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. | |||||
CVE-2021-25339 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2021-03-11 | 2.1 LOW | 5.2 MEDIUM |
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | |||||
CVE-2020-28343 | 2 Google, Samsung | 4 Android, Exynos 980, Exynos 9820 and 1 more | 2020-11-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020). | |||||
CVE-2020-25053 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). |