Vulnerabilities > Samsung > Samsung Mobile > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-03-30 CVE-2018-9139 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mobile
On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.
network
low complexity
samsung CWE-119
critical
10.0
2018-03-30 CVE-2018-9141 Improper Input Validation vulnerability in Samsung Mobile
On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.
network
samsung CWE-20
critical
9.3
2018-03-30 CVE-2018-9143 Out-of-bounds Write vulnerability in Samsung Mobile
On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991.
network
low complexity
samsung CWE-787
critical
10.0
2018-01-04 CVE-2018-5210 Out-of-bounds Write vulnerability in Samsung Mobile
On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern).
network
samsung CWE-787
critical
9.3
2017-03-23 CVE-2017-5538 Out-of-bounds Read vulnerability in Samsung Mobile 6.0/7.0
The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362.
network
low complexity
samsung CWE-125
critical
10.0
2017-01-18 CVE-2016-6526 Permissions, Privileges, and Access Controls vulnerability in Samsung Mobile 5.0/5.1/6.0
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
network
samsung CWE-264
critical
9.3
2017-01-18 CVE-2016-6527 Permissions, Privileges, and Access Controls vulnerability in Samsung Mobile 5.0/5.1/6.0
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
network
samsung CWE-264
critical
9.3
2016-12-16 CVE-2016-9965 7PK - Errors vulnerability in Samsung Mobile
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges.
network
low complexity
samsung CWE-388
critical
10.0
2016-12-16 CVE-2016-9966 7PK - Errors vulnerability in Samsung Mobile
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges.
network
low complexity
samsung CWE-388
critical
10.0
2016-12-16 CVE-2016-9967 7PK - Errors vulnerability in Samsung Mobile
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges.
network
low complexity
samsung CWE-388
critical
10.0