Vulnerabilities in Samsung Mobile

1,316 results
Vexday Analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited by CISA KEV. That rate is 2.2 times the overall catalogue average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed actively exploited flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2025-58476 (MEDIUM, EPSS 0.1%): Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
CVE-2025-21006 (HIGH, EPSS 0.1%): Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-b
CVE-2026-20977 (MEDIUM, EPSS 0.1%): Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning.
CVE-2022-22264 (HIGH, EPSS 0.1%): Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary fil
CVE-2025-20998 (MEDIUM, EPSS 0.1%): Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number.
CVE-2023-21480 (HIGH, EPSS 0.1%): Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.
CVE-2025-20942 (MEDIUM, EPSS 0.1%): Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAI
CVE-2025-21010 (MEDIUM, EPSS 0.1%): Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung acco
CVE-2023-21478 (MEDIUM, EPSS 0.1%): Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
CVE-2025-20965 (MEDIUM, EPSS 0.1%): Improper handling of insufficient permission in Bixby wakeup prior to version 2.3.74.8 allows local attackers to access sensitive data.
CVE-2021-25416 (EPSS 0.1%): Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executab
CVE-2021-25338 (MEDIUM, EPSS 0.1%): Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kern
CVE-2022-27822 (MEDIUM, EPSS 0.1%): Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permis
CVE-2021-25340 (MEDIUM, EPSS 0.1%): Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to c
CVE-2023-21468 (MEDIUM, EPSS 0.1%): Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permissio
CVE-2025-20953 (MEDIUM, EPSS 0.1%): Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
CVE-2025-20975 (MEDIUM, EPSS 0.1%): Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activi
CVE-2025-21041 (MEDIUM, EPSS 0.1%): Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
CVE-2025-20961 (MEDIUM, EPSS 0.1%): Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attac
CVE-2021-25475 (LOW, EPSS 0.1%): A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and c