Samsung September 2021 Security Patch Details – New Fixes (CVE/SVE)

Though a bit late, but Samsung has finally released its September 2021 One UI security patch details alongside the Android patches by Google. As always, the newly published security bulletin brings detailed information including different levels of CVEs such as critical, high and moderate as well as Samsung SVEs.

If we go with Samsung’s official Firmware Updates support page, the September 2021 security patch comes with fixes for 3 critical, 29 high, and 14 moderate CVEs from Google. At the same time, 2 CVEs had already been included in previous updates, while 9 are not applicable on Galaxies.

Below, you can see the CVEs that will be fixed on your Samsung Galaxy device after upgrading to September 2021 security patch.

Critical

• CVE-2021-1972, CVE-2021-1976, CVE-2021-0687

High

• CVE-2021-28375, CVE-2020-14381, CVE-2021-0582, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-30261, CVE-2021-30260, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-0639, CVE-2019-10581, CVE-2021-0518, CVE-2021-0595, CVE-2021-0683, CVE-2021-0684, CVE-2021-0685, CVE-2021-0688, CVE-2021-0686, CVE-2021-0689, CVE-2021-0690, CVE-2021-0598, CVE-2021-0692, CVE-2021-0428, CVE-2021-0644, CVE-2021-0682, CVE-2021-0693

Moderate

• CVE-2021-0565, CVE-2021-0556, CVE-2021-0562, CVE-2021-0566, CVE-2021-0536, CVE-2021-0537, CVE-2021-0538, CVE-2021-0539, CVE-2021-0547, CVE-2021-0548, CVE-2021-0553, CVE-2021-0549, CVE-2021-0552, CVE-2021-0691

Already included in previous updates

• CVE-2021-3347, CVE-2021-0564

Not applicable to Samsung devices

• CVE-2021-1919, CVE-2021-1916, CVE-2021-1920, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-1914, CVE-2021-1978, CVE-2020-3633

Join Sammy Fans on Telegram

Aside from CVE fixes, Samsung also offers additional security improvements, better known as SVE, especially for the Galaxy consumers. This month, the company bringing repairs for 23 Samsung Vulnerabilities and Exposures (SVE) items. (Some of them mentioned below)

SVE-2021-21619 (CVE-2021-25457): Kernel Information Disclosure in the Vision DSP Kernel Driver

Severity: Moderate

Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets

• An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
• The patch adds proper input validation in DSP driver.

SVE-2021-21943 (CVE-2021-25450): Path traversal vulnerability in FactoryAirCommandManager

Severity: High

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

• Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
• The patch addresses incorrect implementation of file path validation check logic.

SVE-2021-22094 (CVE-2021-25449): Arbitrary code execution on mediaextractor process

Severity: Moderate

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

• An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
• The patch adds proper input check to prevent buffer overflow.

SVE-2021-21959 (CVE-2021-25452): Kernel Permanent Denial of Service Vulnerability in the Vision DSP Kernel Driver

Severity: Moderate

Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets

• An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
• The patch adds proper input check to prevent loading unintended file in path.

SVE-2021-21041 (CVE-2021-25453): Leak Bluetooth information through Broadcast in Bluetooth app

Severity: High

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

• Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
• The patches add proper access control to prevent Bluetooth information leak.

SVE-2021-21620 (CVE-2021-25458): NULL pointer dereference vulnerability in the ION Driver

Severity: Low

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets

• NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
• The patch adds proper input check to prevent null pointer dereference.

SVE-2021-22602 (CVE-2021-25459): Improper access control in BlockChainService

Severity: Moderate

Affected versions: Select Q(10.0), R(11.0)

• An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
• The patch adds the proper permission check to prevent improper access to BlockchainTZService.

SVE-2021-22603 (CVE-2021-25460): Improper access control in BlockChainService

Severity: Moderate

Affected versions: Select Q(10.0), R(11.0)

• An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
• The patch adds the proper permission check to prevent improper access to BlockchainTZService.

SVE-2021-22411 (CVE-2021-25461): APAService Stack Overflow

Severity: Low

Affected versions: O(8.1)

• An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
• The patch adds proper length check in APAService.

SVE-2021-21413 (CVE-2021-25451): Sensitive information disclosure in NetworkPolicyManagerService

Severity: Moderate

Affected versions: P(9.0), Q(10.0), R(11.0)

• A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
• The patch addresses the intent in NetworkPolicyManagerService to prevent unprivileged access.

SVE-2021-22278 (CVE-2021-25454): OOB read vulnerability in ‘libsaacextractor.so’

Severity: Low

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

• OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
• The patch adds length check code in libsaacextractor library.

SVE-2021-22291 (CVE-2021-25455): OOB read vulnerability in ‘libsaviextractor.so’

Severity: Low

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

• OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
• The patch adds length check code in libsaviextractor library.

SVE-2021-22343 (CVE-2021-25456): OOB read vulnerability in ‘libswmfextractor.so’

Severity: Moderate

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

• OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
• The patch adds length check code in libswmfextractor library.

SVE-2021-21969 (CVE-2021-25462): Null Pointer Dereference vulnerability in the NPU Driver

Severity: Low

Affected versions: P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets

• NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
• The patch adds proper input check to prevent null pointer dereference.

Samsung One UI 3.1.1

Released alongside the Galaxy Z Fold 3 and Galaxy Z Flip 3, the One UI 3.1.1 version is making its way to more and more Galaxy devices through software updates. So far, the company’s every flagship smartphone (including older foldables) has started grabbing the One UI 3.1.1 features.

What about Android 12 One UI 4?

Later last month, Samsung teased that the Android 12-based One UI 4 Beta is coming soon for the Galaxy S21 series smartphone owners in South Korea, the US and Germany. The Beta participation had already begun but the company is yet to deliver the first One UI 4 Beta build to the consumers.