Updates

Samsung August 2021 Security Patch Details – New Fixes [CVEs/SVEs]

Published

3 years ago

August 3, 2021

Samsung has recently released its updated security bulletin, which details the exact changes that come with the August 2021 security patch for Galaxy devices. The company’s latest security update brings fixes for dozens of vulnerabilities and exploits for enhanced system stability.

According to the South Korean tech giant, the August 2021 security patch update includes fixes for 38 CVEs in which 3 are critical, 23 are high, 9 are moderate, 1 already included in previous updates, and 3 do not apply to Samsung devices.

Stay connected with us on Telegram

In addition to the above-mentioned fixes for Android OS from Google, Samsung also added fixes for 8 SVEs specifically for Galaxy devices. You can see the latest August 2021 security patch CVEs fixes below, followed by SVEs fixes.

August 2021 Security Patch

Critical

CVE-2021-0592, CVE-2021-1965

High

CVE-2021-1931, CVE-2021-1940, CVE-2021-1953, CVE-2021-1943, CVE-2021-1964, CVE-2021-1907, CVE-2021-1955, CVE-2021-1945, CVE-2021-1970, CVE-2021-1954, CVE-2020-0368, CVE-2021-0514, CVE-2021-0515, CVE-2021-0603, CVE-2021-0640, CVE-2021-0645, CVE-2021-0646, CVE-2021-0519, CVE-2021-0591, CVE-2021-0593, CVE-2021-0584, CVE-2021-0641, CVE-2021-0642

Moderate

CVE-2021-0555, CVE-2020-1971, CVE-2021-0567, CVE-2021-0570, CVE-2021-0572, CVE-2021-0557, CVE-2021-0558, CVE-2021-0559, CVE-2021-0561

Already included in previous updates

CVE-2021-1938

Not applicable to Samsung devices

CVE-2020-11307, CVE-2021-0577, CVE-2021-0550

As said already, Samsung offers 8 SVE items described below in order to increase Galaxy device owners’ confidence on security of Samsung mobile phones. Samsung security index (SSI), found in “Security software version”, SMR August-2021 Release 1 includes all patches from Samsung and Google

SVE-2021-20831 (CVE-2021-25443): UAF in conn_gadget driver

Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: February 26, 2021
Disclosure status: Privately disclosed.
A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
The patch adds proper check logic to prevent use after free.

SVE-2021-21948 (CVE-2021-25444): IV reuse in Keymaster TA

Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0)
Reported on: May 25, 2021
Disclosure status: Privately disclosed.
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
The patch prevents reusing IV by blocking addition of custom IV.

Related Topics:August 2021 Security Patch SAMSUNG