
Samsung’s November 2023 patch addresses 48 Android CVEs, 15 One UI SVEs

Following the November 2023 Android 14 patch rollout, Samsung released details of the One UI patch for Galaxy consumers. The company listed the CVEs and SVEs that the update addresses; it will roll out sequentially to several Galaxy devices across the world.

Galaxy’s November 2023 One UI patch includes patches from Google and Samsung. In particular, your Galaxy device’s latest software update addresses 48 CVEs related to the Android operating system, 15 SVEs related to One UI software, and 2 CVEs related to Samsung Semiconductor.


Samsung is rolling out the maintenance release for major flagship and select Galaxy A/M/F models as part of monthly/quarterly/biannual security maintenance releases. You can check the details of CVEs, SVEs, and Semiconductor patches below.

Google patches include patches up to the Android Security Bulletin – November 2023 package. The Bulletin (November 2023) contains the following CVE items:

Critical / 5

  • CVE-2023-24855, CVE-2023-28540, CVE-2023-33028, CVE-2023-4863, CVE-2023-40113

High / 43

  • CVE-2020-29374, CVE-2023-21673, CVE-2023-22385, CVE-2023-24843, CVE-2023-24844, CVE-2023-24848, CVE-2023-24847, CVE-2023-24850, CVE-2023-24849, CVE-2023-24853, CVE-2023-34970, CVE-2023-33200, CVE-2023-33034, CVE-2023-33035,
  • CVE-2023-33027, CVE-2023-33029, CVE-2023-33026, CVE-2023-4211, CVE-2023-20819, CVE-2023-32819, CVE-2023-32820, CVE-2021-44828, CVE-2022-28348, CVE-2023-40638, CVE-2023-40106, CVE-2023-40107, CVE-2023-40109, CVE-2023-40110, CVE-2023-40111,
  • CVE-2023-40114, CVE-2023-40105, CVE-2023-40124, CVE-2023-40100, CVE-2023-40115, CVE-2023-40104, CVE-2023-40112, CVE-2023-21103, CVE-2023-21111, CVE-2023-21234, CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, CVE-2023-33063.

 

The Samsung Semiconductor patch is also included in this Security Maintenance Release, with the following CVE items:

High / 2

  • CVE-2023-41111, CVE-2023-41112

Along with the Google patches and Samsung Semiconductor patches, Samsung Mobile provides the 15 SVE items described below to improve customers' confidence in the security of Galaxy devices. Some of the SVE items may not be included in this package if they were resolved previously.

High / 6

  • SVE-2023-1439(CVE-2023-42538): An improper input validation in saped_rec_silence in libsaped
  • SVE-2023-1437(CVE-2023-42537): An improper input validation in get_head_crc in libsaped
  • SVE-2023-1434(CVE-2023-42536): An improper input validation in saped_dec in libsaped
  • SVE-2023-1396(CVE-2023-42533): Improper Input Validation with USB Gadget Interface
  • SVE-2023-1365(CVE-2023-42532): Improper Certificate Validation in FotaAgent
  • SVE-2023-1363(CVE-2023-42535): Out-of-bounds Write in read_block of vold
  • SVE-2023-0541(CVE-2023-42529): Out-of-bound write in libsec-ril
  • SVE-2023-0539(CVE-2023-42528): Heap Overflow in ProcessNvBuffering of libsec-ril
  • SVE-2023-0538(CVE-2023-42527): Improper input validation in ProcessWriteFile of libsec-ril
  • SVE-2023-0537(CVE-2023-30739): Arbitrary File Descriptor Write in libsec-ril

Moderate

  • SVE-2023-1031(CVE-2023-42531): Improper access control vulnerability in SmsController
  • SVE-2023-0987(CVE-2023-42530): Improper access control vulnerability in SecSettings
  • SVE-2023-0611(CVE-2023-42534): Improper input validation vulnerability in ChooserActivity
