Samsung has shared details of the vulnerabilities resolved by the latest available security update. Among them are 75 fixes released directly by Google, which apply to all Android devices and are listed in detail below:
Critical risk
CVE-2022-40507
High risk
CVE-2023-4272, CVE-2023-32804, CVE-2023-3889, CVE-2023-21215, CVE-2023-21227, CVE-2023-21228, CVE-2023-21216, CVE-2023-21218, CVE-2023-21166, CVE-2023-21164, CVE-2023-21163, CVE-2023-21162, CVE-2023-21217, CVE-2023-21401, CVE-2023-21402, CVE-2023-21263, CVE-2023-35690, CVE-2023-21403, CVE-2023-32847, CVE-2023-32848, CVE-2023-32851, CVE-2022-22076, CVE-2023-21652, CVE-2023-21664, CVE-2023-21662, CVE-2023-33017, CVE-2023-28546, CVE-2023-28585, CVE-2023-28586, CVE-2023-33022, CVE-2023-33054, CVE-2023-28550, CVE-2023-28551, CVE-2023-33018, CVE-2023-33081, CVE-2023-33089, CVE-2023-33098, CVE-2023-33088, CVE-2023-33080, CVE-2023-33097, CVE-2023-33079, CVE-2023-33092, CVE-2023-33107, CVE-2023-33106, CVE-2023-33063, CVE-2023-33053, CVE-2023-33087, CVE-2023-45779, CVE-2022-48457, CVE-2022-48458, CVE-2022-48459, CVE-2022-48454, CVE-2022-48455, CVE-2022-48461, CVE-2022-48456, CVE-2023-32818, CVE-2023-21245, CVE-2024-0015, CVE-2024-0018, CVE-2024-0023, CVE-2024-0019, CVE-2024-0021, CVE-2023-35671, CVE-2024-0016, CVE-2024-0017, CVE-2024-0020, CVE-2023-21266, CVE-2023-40120
Moderate risk
CVE-2023-32842, CVE-2023-32844, CVE-2023-32846, CVE-2023-32841, CVE-2023-32843, CVE-2023-32845.
As usual, Samsung is also releasing its own fixes alongside Google’s, aimed at vulnerabilities specific to Galaxy devices. As often happens, the company is not releasing details of every corrected vulnerability, to prevent bad actors from exploiting them before the update is widely distributed. In any case, below is what the company has shared regarding the critical issues resolved with the January 2024 security patches:
- SVE-2023-1689(CVE-2024-20806): Improper access control in Notification service (moderate risk)
- SVE-2023-1667(CVE-2024-20802): Improper access control in Samsung DeX (moderate risk)
- SVE-2023-1418(CVE-2024-20805): Path traversal vulnerability in MyFiles (moderate risk)
- SVE-2023-1406(CVE-2024-20804): Path traversal vulnerability in MyFiles (moderate risk)
- SVE-2023-1038(CVE-2024-20803): Improper authentication vulnerability in Bluetooth pairing process (high risk)