Updates

September 2022 SMR fixes these bugs on Samsung devices

Published

2 years ago

on

Samsung has now officially published the September 2022 security patch details for Galaxy devices, detailing which bugs, CVEs and SVEs are going to get fixes. The company is bringing a maintenance release for flagship Galaxy devices as part of the monthly Security Maintenance Release (SMR) process.

In addition to CVE fixes from Google, the September 2022 update includes various SVE items from Samsung as well. The company detailed which Android OS bugs (CVEs) and One UI bugs (SVEs) will be fixed with the latest security updates throughout the month.

Join Sammy Fans on Telegram

September SMR CVE Items

Samsung’s September 2022 security update for Galaxy devices comes with 21 high levels, and 3 moderate levels of CVEs. At the same time, there is no critical level of CVE mentioned on the list by the company, while, 2 CVEs are already fixed with previous updates and 4 aren’t applicable.

Follow Sammy Fans on Google News

Critical

  • None

High

  • CVE-2021-39815, CVE-2022-20122, CVE-2021-0947, CVE-2021-0946, CVE-2021-0698, CVE-2021-0887, CVE-2021-0891, CVE-2021-30259, CVE-2022-22062, CVE-2022-22070, CVE-2022-22067, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990, CVE-2022-25314, CVE-2022-20218, CVE-2022-20392, CVE-2022-20393, CVE-2022-20395, CVE-2022-20398, CVE-2022-20396

Moderate

  • CVE-2022-20197, CVE-2020-0500, CVE-2020-0293

Already included in previous updates

  • CVE-2022-22080, CVE-2022-20239

Not applicable to Samsung devices

  • CVE-2022-22061, CVE-2022-22069, CVE-2022-22059, CVE-2022-25668

September SMR SVE Items

Apart from CVE items from Google, the South Korean tech giant additionally included 29 Samsung Vulnerabilities and Exposures (SVE) items to improve its customers’ confidence in the security of Galaxy phones and tablets. You can check the SVE list below.

SVE-2022-1254(CVE-2022-36847):

  • Use after free vulnerability in mtp_send_signal function of MTP driver

SVE-2022-1249(CVE-2022-36849):

  • Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver

SVE-2022-1086(CVE-2022-36845), SVE-2022-1083(CVE-2022-36841), SVE-2022-1082(CVE-2022-36844), SVE-2022-1081(CVE-2022-36843), SVE-2022-1080(CVE-2022-36860), SVE-2022-1079(CVE-2022-36863), SVE-2022-1077(CVE-2022-36862), SVE-2022-1076(CVE-2022-36842), SVE-2022-1075(CVE-2022-36846), SVE-2022-1074(CVE-2022-36858)

  • A heap-based overflow vulnerability in libSDKRecognitionText.spensdk.samsung.so library

SVE-2022-1037(CVE-2022-36854):

  • Out of bound read in libapexjni.media.samsung.so

SVE-2022-0934(CVE-2022-36848):

  • Improper Authorization vulnerability in setDualDARPolicyCmd

SVE-2022-0899(CVE-2022-36852):

  • Improper Authorization vulnerability in Video Editor

SVE-2022-0853(CVE-2022-36861):

  • Custom permission misuse in SystemUI

SVE-2022-0815(CVE-2022-36853):

  • Intent redirection in Photo Editor

SVE-2022-0803(CVE-2022-36856):

  • Improper access control vulnerability in Telecom application

SVE-2022-0706(CVE-2022-36857):

  • Improper Authorization vulnerability in Photo Editor

SVE-2022-0702(CVE-2022-36850):

  • Path traversal vulnerability in CallBGProvider

SVE-2022-0619(CVE-2022-36855):

  • Use After Free vulnerability in iva_ctl driver

Samsung mentioned that some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Samsung September 2022 Security Update Tracker
Related Topics:
Exit mobile version