One UI
Samsung July 2024 Security Patch Details Released: Here’s What’s New
As we enter the 2nd day of July 2024, Samsung has unveiled details of its newest security patch for Galaxy devices. This update aims to enhance security and performance, however, the rollout is yet to start.
July 2024 Security Maintenance Release (SMR) combines patches from Google and Samsung. Google brings fixes for 4 critical and 21 high-level vulnerabilities in Android, although 2 are not applicable to Samsung devices.
Moreover, Samsung has resolved 33 Samsung Vulnerabilities and Exposures (SVE) to further improve device security. These SVE items are mainly related to One UI Home, System Property, System UI, Filter Provider, Secure Folder, Configuration Message, IMS service, Knox, MTP app, and more.
This time, Samsung’s semiconductor patch also introduces fixes for 2 high-level CVEs specific to their hardware.
Samsung July 2024 Security Patch Details
Android Patch Details
Critical
- CVE-2023-43556, CVE-2023-43538, CVE-2023-43551, CVE-2024-31320
High
- CVE-2024-0671, CVE-2024-1065, CVE-2024-23698, CVE-2024-23696, CVE-2024-23697, CVE-2024-23695, CVE-2024-23711, CVE-2024-26926, CVE-2024-20066, CVE-2024-20068, CVE-2024-20067, CVE-2023-43542, CVE-2024-23363, CVE-2024-31331, CVE-2024-34720, CVE-2024-34723, CVE-2024-31332, CVE-2024-31339, CVE-2024-34722, CVE-2024-34721, CVE-2024-31338
Moderate
- None
Already included in previous updates
- None
Not applicable to Samsung devices
- CVE-2024-20069, CVE-2024-20065
Samsung Semiconductor
Samsung Semiconductor patch is also included in this Security Maintenance Release with the following CVE item:
High
- CVE-2024-29153, CVE-2023-50805
One UI Patch Details
- SVE-2023-1279(CVE-2024-20888): Improper access control in OneUIHome
- SVE-2023-1514(CVE-2024-34583): Improper access control in system property
- SVE-2024-0067(CVE-2024-20890, CVE-2024-20889): Improper implementation in BLE
- SVE-2024-0144(CVE-2024-20891): Improper access control in SystemUI
- SVE-2024-0146(CVE-2024-34585): Improper access control in SystemUI
- SVE-2024-0148(CVE-2024-34595): Improper access control in SystemUI
- SVE-2024-0194(CVE-2024-20892): Improper verification of signature in FilterProvider
- SVE-2024-0440(CVE-2024-20893): Improper input validation in libmediaextractorservice.so
- SVE-2024-0490(CVE-2024-20894): Improper handling of exceptional conditions in Secure Folder
- SVE-2024-0547(CVE-2024-20895): Improper access control in Dar service
- SVE-2024-0700(CVE-2024-20896): Use of implicit intent for sensitive communication in Configuration message
- SVE-2024-0716(CVE-2024-34584): Improper privilege management in SumeNNService
- SVE-2024-0772(CVE-2024-20899, CVE-2024-20898, CVE-2024-20897): Use of implicit intent for sensitive communication in FCM function in IMS service.
- SVE-2024-0788(CVE-2024-34586): Improper access control in KnoxCustomManagerService
- SVE-2024-0793(CVE-2024-34587): Improper input validation in librtp.so
- SVE-2024-0794(CVE-2024-34588): Improper input validation in librtp.so
- SVE-2024-0795(CVE-2024-34589): Improper input validation in librtp.so
- SVE-2024-0810(CVE-2024-34590): Improper input validation in librtp.so
- SVE-2024-0811(CVE-2024-34591): Improper input validation in librtp.so
- SVE-2024-0812(CVE-2024-34592): Improper input validation in librtp.so
- SVE-2024-0818(CVE-2024-34593): Improper input validation in librtp.so
- SVE-2024-0834(CVE-2024-20900): Improper authentication in MTP application
- SVE-2024-0851(CVE-2024-20901): Improper input validation in copying data to buffer cache in libsaped
- SVE-2024-0882(CVE-2024-34594): Exposure of sensitive information in proc file system
Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.
