One UI

Samsung December 2023 Security Patch Details Released: What’s New

Published

9 months ago

on

Samsung has published the details of its December 2023 security patch for its Galaxy devices. It includes CVE and SVE items to enhance the security and stability of the device to provide a better and more secure experience.

The latest patch includes fixes of more than 60 vulnerabilities, of which 50 are of Google and others of Samsung. These include buffer overflow, AR Emoji, KnoxCustom Service, bootloader, SmartManager, Knox Guard, and Contacts.

Android Patch Details

The security update is based on the Android Security Bulletin – December 2023, which contains patches for 50 issues identified by Google.

Critical

  • CVE-2023-21671, CVE-2023-28574, CVE-2023-22388, CVE-2023-33045, CVE-2023-40077, CVE-2023-40076, CVE-2023-40088

High

  • CVE-2023-28469, CVE-2023-20702, CVE-2023-32835, CVE-2023-32834, CVE-2023-33031, CVE-2023-33059, CVE-2023-33055, CVE-2023-33074, CVE-2023-28545, CVE-2023-24852, CVE-2023-33048, CVE-2023-33056, CVE-2023-33047, CVE-2023-33061, CVE-2023-40079, CVE-2023-40089, CVE-2023-40091, CVE-2023-40095, CVE-2023-40096, CVE-2023-40103, CVE-2023-45774, CVE-2023-45777, CVE-2023-21267, CVE-2023-40073, CVE-2023-40092, CVE-2023-40074, CVE-2023-40075, CVE-2023-40078, CVE-2023-40080, CVE-2023-40082, CVE-2023-40084, CVE-2023-40087, CVE-2023-40090, CVE-2023-40097, CVE-2023-45773, CVE-2023-45775, CVE-2023-45776, CVE-2023-35668, CVE-2023-40083, CVE-2023-21394, CVE-2023-40098, CVE-2023-45781, CVE-2023-40094(A-288896339, A-307719731)

Moderate

  • None

Already included in previous updates

  • CVE-2023-28556

Not applicable to Samsung devices

  • CVE-2023-32836, CVE-2023-32837, CVE-2023-32832, CVE-2023-40081

One UI Patch Details

Samsung also addressed 16 issues specific to its devices, such as improper access control in knoxcustom service and KnoxCustomManagerService. Additionally, Samsung Semiconductor provided patches for two moderate issues.

  • SVE-2023-1700(CVE-2023-42570): Improper access control vulnerability in KnoxCustomManagerService
  • SVE-2023-1694(CVE-2023-42564): Improper access control in knoxcustom service
  • SVE-2023-1621(CVE-2023-42563): Integer overflow vulnerability in libFacePreProcessingjni.camera.samsung.so
  • SVE-2023-1620(CVE-2023-42562): Integer overflow vulnerability in libFacePreProcessingjni.camera.samsung.so
  • SVE-2023-1488(CVE-2023-42569): Improper authorization verification vulnerability in AR Emoji
  • SVE-2023-1480(CVE-2023-42561): Out-of-bounds write vulnerability in bootloader
  • SVE-2023-1452(CVE-2023-42568): Improper access control vulnerability in SmartManagerCN
  • SVE-2023-1440(CVE-2023-42560): Out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so
  • SVE-2023-1430(CVE-2023-42559): Improper exception management vulnerability in Knox Guard
  • SVE-2023-1393(CVE-2023-42558): Out of bounds write vulnerability in HDCP in HAL
  • SVE-2023-1374(CVE-2023-42557): Out-of-bound write vulnerability in libIfaaCa
  • SVE-2023-1350(CVE-2023-42567): Improper size check vulnerability in softsimd
  • SVE-2023-1102(CVE-2023-42566): Out-of-bound write vulnerability in libsavsvc
  • SVE-2023-1003(CVE-2023-42565): Improper input validation vulnerability in Smart Clip
  • SVE-2023-0938(CVE-2023-42556): Implicit intent hijacking vulnerability in Contacts
Related Topics:
Exit mobile version