Samsung September 2024 security patch details published – Android CVEs, One UI SVEs

We are on 4th September 2024 and Samsung has revealed the details of the latest security patch for its Galaxy devices. This patch includes several security enhancements, specifically CVE and SVE items to boost security. Although the release of the September 2024 security update has not started for Galaxy devices, it is expected to begin shortly.

According to the scope page, the September 2024 security patch addresses 1 critical and 43 high levels of CVEs for the Android operating system. However, 1 CVE was resolved by previous updates from the company, and 1 is not relevant to Galaxy devices.

Besides Google patches, Samsung offers 23 SVE items to improve user experience. The latest security patch fixes various issues related to My Files, Theme Center, One UI Home, Knox, Dex, and more.

Samsung September 2024 Security Patch Details

Android Patch Details

Critical

• CVE-2024-23350

High

• CVE-2024-23355, CVE-2024-21481, CVE-2024-23356, CVE-2024-23357, CVE-2024-33027, CVE-2024-21478, CVE-2024-23383, CVE-2024-23384, CVE-2024-23382, CVE-2024-23381, CVE-2024-23352, CVE-2024-23353, CVE-2024-20082, CVE-2024-33013, CVE-2024-33025, CVE-2024-33015, CVE-2024-33024, CVE-2024-33010, CVE-2024-33020, CVE-2024-33018, CVE-2024-33019, CVE-2024-33026, CVE-2024-2937, CVE-2024-31333, CVE-2024-33011, CVE-2024-33012, CVE-2024-33014, CVE-2024-33023, CVE-2024-4607, CVE-2024-32896, CVE-2024-40658, CVE-2024-40662, CVE-2024-40650, CVE-2024-40652, CVE-2024-40654, CVE-2024-40655, CVE-2024-40657, CVE-2024-40656, CVE-2024-40659, CVE-2024-40665, CVE-2024-40664, CVE-2024-40663, CVE-2024-40666

Moderate

• None

Already included in previous updates

• CVE-2024-36971

Not applicable to Samsung devices

• CVE-2024-33028

One UI Patch Details

Samsung has addressed 23 issues specific to its devices, such as improper authorization in My Files, Theme Center, One UI Home, Knox, Dex, and more.

• SVE-2023-1030(CVE-2024-34637): Improper access control in WindowManagerService
• SVE-2023-1487(CVE-2024-34651): Improper authorization in My Files
• SVE-2024-0453(CVE-2024-34638): Improper handling of exceptional conditions in ThemeCenter
• SVE-2024-0513(CVE-2024-34652): Incorrect authorization in kperfmon
• SVE-2024-0785(CVE-2024-34640): Improper access control in BGProtectManager
• SVE-2024-0852(CVE-2024-34653): Path Traversal in My Files
• SVE-2024-0918(CVE-2024-34654): Improper Export of android application component in My Files
• SVE-2024-0970(CVE-2024-34641): Improper Export of Android Application Components in FeliCaTest
• SVE-2024-1009(CVE-2024-34642): Improper authorization in One UI Home
• SVE-2024-1154(CVE-2024-34643): Improper access control in Dressroom
• SVE-2024-1155(CVE-2024-34644): Improper access control in Dressroom
• SVE-2024-1156(CVE-2024-34645): Improper input validation in ThemeCenter application
• SVE-2024-1187(CVE-2024-34646): Improper access control in DualDarManagerProxy
• SVE-2024-1191(CVE-2024-34647): Incorrect use of privileged API in DualDarManagerProxy
• SVE-2024-1212(CVE-2024-34648): Improper Handling of Insufficient Permissions in KnoxMiscPolicy
• SVE-2024-1226(CVE-2024-34655): Incorrect use of privileged API in UniversalCredentialManager
• SVE-2024-1278(CVE-2024-34649): Improper access control in new Dex Mode in multitasking framework
• SVE-2024-1381(CVE-2024-34650): Incorrect authorization in CocktailbarService