Samsung releases October 2022 One UI security details

On October 4, Samsung released the October 2022 One UI security patch details, applicable on all Galaxy devices. The company updated its security patch support page with the addition of October 2022 patch content from Google and Samsung.

Common Vulnerabilities and Exposures

According to official details, Samsung October 2022 security patch brings fixes for different kinds of vulnerabilities and exposures. It includes 1 critical, 29 high, and 2 moderate levels of CVEs, while, 8 CVEs were already included in previous updates, and 11 are not applicable to Galaxy devices.

You can check the October 2022 CVE fixes below:

Critical CVE fixes include: CVE-2022-20419

High level of CVE fixes include: CVE-2021-0942, CVE-2021-0943, CVE-2021-0697, CVE-2021-0871, CVE-2022-20399, CVE-2022-29582, CVE-2022-22091, CVE-2022-22066, CVE-2022-25696, CVE-2022-25690, CVE-2022-22095, CVE-2022-25656, CVE-2022-25670, CVE-2022-20388, CVE-2022-20387, CVE-2022-20385, CVE-2021-4083, CVE-2022-20420, CVE-2022-20351, CVE-2022-20413, CVE-2022-20418, CVE-2022-20412, CVE-2022-20416, CVE-2022-20417, CVE-2021-39628, CVE-2021-39673, CVE-2022-20394, CVE-2022-20410, and CVE-2022-20425.

Moderate CVE fixes include: CVE-2021-39758, and CVE-2022-20415

CVEs fixed with previous updates include: CVE-2022-22089, CVE-2022-22081, CVE-2022-22093, CVE-2022-22094, CVE-2022-22092, CVE-2022-25704, CVE-2022-25693, and CVE-2021-39624.

These CVEs are not applicable on Samsung devices: CVE-2022-26447, CVE-2022-22074, CVE-2022-25688, CVE-2022-25669, CVE-2022-25686, CVE-2022-25708, CVE-2022-25706, CVE-2022-20386, CVE-2022-20391, CVE-2022-20390, CVE-2022-20389

For more information about the Android security patch, you can head here.

Samsung Vulnerabilities and Exposures

In order to add additional security, Samsung included 18 Samsung Vulnerabilities and Exposures (SVE) items in the October 2022 security patch along with Google patches, which makes it a complete One UI security update. You can check more details about SVEs below.

SVE-2022-1782(CVE-2022-39856): Improper access control vulnerability in imsservice application

SVE-2022-1655(CVE-2022-39855): Improper access control vulnerability in FACM application

SVE-2022-1586(CVE-2022-39848): Exposure of SerialNo through Logcat in AT_Distributor

SVE-2022-1406(CVE-2022-39850, CVE-2022-39849): Improper access control in knox_vpn_policy and mum_container_policy services

SVE-2022-1371(CVE-2022-39851): Improper access control vulnerability in CocktailBarService

SVE-2022-1300(CVE-2022-39854): Improper protection in IOMMU

SVE-2022-1253(CVE-2022-39847): Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver

SVE-2022-1251(CVE-2022-39853): Use After Free vulnerability in perf-mgr driver

SVE-2022-1212(CVE-2022-36868): Leak of MAC address of connected Bluetooth device in MouseNKeyHidDevice

SVE-2022-0998(CVE-2022-39852): A heap-based overflow vulnerability in libagifencoder.quram.so library

Samsung October 2022 update

Starting September 26, Samsung is releasing the October 2022 security update to eligible Galaxy devices. So far, various flagship and select mid-range phones have received the latest security improvements update, while you can check more information about eligible devices through our dedicated page.