Connect with us

Updates

Samsung September 2021 Security Patch Details – New Fixes (CVE/SVE)

Published

on

Samsung Security Patch Update

Though a bit late, but Samsung has finally released its September 2021 One UI security patch details alongside the Android patches by Google. As always, the newly published security bulletin brings detailed information including different levels of CVEs such as critical, high and moderate as well as Samsung SVEs.

If we go with Samsung’s official Firmware Updates support page, the September 2021 security patch comes with fixes for 3 critical, 29 high, and 14 moderate CVEs from Google. At the same time, 2 CVEs had already been included in previous updates, while 9 are not applicable on Galaxies.

Below, you can see the CVEs that will be fixed on your Samsung Galaxy device after upgrading to September 2021 security patch.

Critical

  • CVE-2021-1972, CVE-2021-1976, CVE-2021-0687

High

  • CVE-2021-28375, CVE-2020-14381, CVE-2021-0582, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-30261, CVE-2021-30260, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-0639, CVE-2019-10581, CVE-2021-0518, CVE-2021-0595, CVE-2021-0683, CVE-2021-0684, CVE-2021-0685, CVE-2021-0688, CVE-2021-0686, CVE-2021-0689, CVE-2021-0690, CVE-2021-0598, CVE-2021-0692, CVE-2021-0428, CVE-2021-0644, CVE-2021-0682, CVE-2021-0693

Moderate

  • CVE-2021-0565, CVE-2021-0556, CVE-2021-0562, CVE-2021-0566, CVE-2021-0536, CVE-2021-0537, CVE-2021-0538, CVE-2021-0539, CVE-2021-0547, CVE-2021-0548, CVE-2021-0553, CVE-2021-0549, CVE-2021-0552, CVE-2021-0691

Already included in previous updates

  • CVE-2021-3347, CVE-2021-0564

Not applicable to Samsung devices

  • CVE-2021-1919, CVE-2021-1916, CVE-2021-1920, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-1914, CVE-2021-1978, CVE-2020-3633

Samsung Galaxy Security Update

Join Sammy Fans on Telegram

Aside from CVE fixes, Samsung also offers additional security improvements, better known as SVE, especially for the Galaxy consumers. This month, the company bringing repairs for 23 Samsung Vulnerabilities and Exposures (SVE) items. (Some of them mentioned below)

SVE-2021-21619 (CVE-2021-25457): Kernel Information Disclosure in the Vision DSP Kernel Driver

Severity: Moderate

Advertisement

Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets

  • An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
  • The patch adds proper input validation in DSP driver.

SVE-2021-21943 (CVE-2021-25450): Path traversal vulnerability in FactoryAirCommandManager

Severity: High

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
  • The patch addresses incorrect implementation of file path validation check logic.

SVE-2021-22094 (CVE-2021-25449): Arbitrary code execution on mediaextractor process

Severity: Moderate

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

Advertisement
  • An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
  • The patch adds proper input check to prevent buffer overflow.

SVE-2021-21959 (CVE-2021-25452): Kernel Permanent Denial of Service Vulnerability in the Vision DSP Kernel Driver

Severity: Moderate

Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets

  • An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
  • The patch adds proper input check to prevent loading unintended file in path.

SVE-2021-21041 (CVE-2021-25453): Leak Bluetooth information through Broadcast in Bluetooth app

Severity: High

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
  • The patches add proper access control to prevent Bluetooth information leak.

SVE-2021-21620 (CVE-2021-25458): NULL pointer dereference vulnerability in the ION Driver

Severity: Low

Advertisement

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets

  • NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
  • The patch adds proper input check to prevent null pointer dereference.

SVE-2021-22602 (CVE-2021-25459): Improper access control in BlockChainService

Severity: Moderate

Affected versions: Select Q(10.0), R(11.0)

  • An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
  • The patch adds the proper permission check to prevent improper access to BlockchainTZService.

SVE-2021-22603 (CVE-2021-25460): Improper access control in BlockChainService

Severity: Moderate

Affected versions: Select Q(10.0), R(11.0)

Advertisement
  • An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
  • The patch adds the proper permission check to prevent improper access to BlockchainTZService.

SVE-2021-22411 (CVE-2021-25461): APAService Stack Overflow

Severity: Low

Affected versions: O(8.1)

  • An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
  • The patch adds proper length check in APAService.

SVE-2021-21413 (CVE-2021-25451): Sensitive information disclosure in NetworkPolicyManagerService

Severity: Moderate

Affected versions: P(9.0), Q(10.0), R(11.0)

  • A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
  • The patch addresses the intent in NetworkPolicyManagerService to prevent unprivileged access.

SVE-2021-22278 (CVE-2021-25454): OOB read vulnerability in ‘libsaacextractor.so’

Severity: Low

Advertisement

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
  • The patch adds length check code in libsaacextractor library.

SVE-2021-22291 (CVE-2021-25455): OOB read vulnerability in ‘libsaviextractor.so’

Severity: Low

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

  • OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
  • The patch adds length check code in libsaviextractor library.

SVE-2021-22343 (CVE-2021-25456): OOB read vulnerability in ‘libswmfextractor.so’

Severity: Moderate

Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)

Advertisement
  • OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
  • The patch adds length check code in libswmfextractor library.

SVE-2021-21969 (CVE-2021-25462): Null Pointer Dereference vulnerability in the NPU Driver

Severity: Low

Affected versions: P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets

  • NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
  • The patch adds proper input check to prevent null pointer dereference.

Samsung One UI 3.1.1

Released alongside the Galaxy Z Fold 3 and Galaxy Z Flip 3, the One UI 3.1.1 version is making its way to more and more Galaxy devices through software updates. So far, the company’s every flagship smartphone (including older foldables) has started grabbing the One UI 3.1.1 features.

What about Android 12 One UI 4?

Later last month, Samsung teased that the Android 12-based One UI 4 Beta is coming soon for the Galaxy S21 series smartphone owners in South Korea, the US and Germany. The Beta participation had already begun but the company is yet to deliver the first One UI 4 Beta build to the consumers.

Meet Yash, author and dynamic creator of the compelling tech narratives at Sammy Fans. He has evolved from a Samsung firmware aficionado to a multi-faceted tech storyteller. Yash's expertise shines brightest with his explorations into Samsung's One UI. Beyond the screen, his love for nature (especially landscapes and rivers) adds a unique flavor to his work.

Updates

Samsung Galaxy S21 series begins receiving February 2025 security update

Published

on

By

Samsung Galaxy S21 Ultra

Samsung Galaxy S21, Galaxy S21 Plus, and Galaxy S21 Ultra smartphones are getting a new update with February 2025 security update. The update is currently available in some countries in Europe including Switzerland and will soon expand it.

The new update improves the system’s security and stability to provide a better Galaxy experience. It fixes a bunch of issues to make your device more secure and stable.

February 2025 security update for Samsung Galaxy S21 series arrives with One UI build versions mentioned below.

  • G991BXXSEGYA2 – Galaxy S21
  • G996BXXSEGYA2 – Galaxy S21 Plus
  • G998BXXSEGYA2 – Galaxy S21 Ultra

Samsung Galaxy S21 February 2025 update

Samsung’s February 2025 security patch fixes one critical and 34 high-level CVEs for Android, with two CVEs not relevant to Galaxy devices. The update also includes seven SVE items to improve user experience, addressing issues in the Samsung Find app, Android settings, and more.

To check for software updates manually, head toward your phone’s Settings. At the bottom, you will get the Software Update section, simply open it. Inside the submenu, you need to hit the Download and Install button if your Galaxy fetches a new OTA.

Advertisement

For a long time, One UI 7 has been under internal testing for the Galaxy S21 series. Earlier, several testing builds had appeared online, showing that the company is working on a major update for this device.

While the company has not officially confirmed the release date, the One UI 7 update for the Galaxy S21 series is expected to roll out after the stable update release for the Galaxy S24 series. Some rumors indicated stable update rollout might start in April 2025.

Samsung confirms One UI 7 Beta 4 for Galaxy S24 – Here’s when to expect it

Continue Reading

Updates

AT&T rolling out Galaxy S25’s first seamless update in the US [One UI 7.0]

Published

on

By

Samsung Galaxy S25 Ultra Display

Samsung Galaxy S25 series at AT&T getting the first seamless update in the US. The new flagships run One UI 7 and the first firmware update aims to elevate user experience. The OTA contains the latest February 2025 security patches.

AT&T has started rolling out a February 2025 security update to the Galaxy S25, S25+, and S25 Ultra. Earlier, Verizon, T-Mobile, and US Cellular released the first firmware update for Samsung’s new flagship phones.

Earlier this month, the company detailed a February 2025 security update. Your Galaxy’s first firmware update contains fixes for 1 critical and 34 high levels of CVEs from Google and 7 SVE items for One UI from Samsung.

Some users noticed horizontal binding problems in sky shots taken in Night Mode. The update may have also included camera-related improvements. However, the 45W charging problem’s fix is expected to be available with the next release.

Build Versions:

Advertisement
  • S931USQU1AYB3 – Galaxy S25
  • S931USQU1AYB3 – Galaxy S25+
  • S931USQU1AYB3 – Galaxy S25 Ultra

US network providers continue to expand the latest update. Meanwhile, carrier-unlocked models haven’t yet received the February 2025 patch. A broader expansion is anticipated to take place within February in the US.

Galaxy S25 series supports Seamless Updates functionality. The installation experience has been significantly streamlined. You will not have to face a longer downtime during the update’s install process as just a quick reboot is required.

Read More – Galaxy S25 Seamless Updates vs Galaxy S24 Traditional Updates

The new flagship phones come pre-installed with One UI 7.0 version. Samsung hasn’t yet started the update’s rollout to existing models. An official clarification is still awaited as wild rumors continue to tarnish the brand’s reputation.

AT&T Galaxy S25 Update

Source – Fresh_Ad6309 / Reddit

Continue Reading

Updates

Samsung Galaxy Tab S9 series getting February 2025 security update

Published

on

By

Samsung Galaxy Tab S9 February 2025 update

Samsung has started rolling out the February 2025 security update to the Galaxy Tab S9 series. It is the first update for Galaxy Tab S9, Galaxy Tab S9+, and Galaxy Tab S9 Ultra models and is available in Europe.

The fresh security patch fixes some security issues found in the previous software to make the tablets more secure. However, there are no new features included in this update.

The February 2025 security patch addresses a critical vulnerability and 34 high-risk CVEs within the Android OS. It’s important to note that two of these vulnerabilities are irrelevant to Galaxy devices.

Alongside Google’s regular security fixes, Samsung contributes seven SVE items aimed at improving overall device functionality. This patch addresses specific issues such as those with the Samsung Find app and Android Application Component settings.

Samsung Galaxy Tab S9 February 2025 update

Users of the Samsung Galaxy Tab S9, Galaxy Tab S9 Plus, and Galaxy Tab S9 Ultra can identify the February 2025 update via version X716BXXS5BYA5, X816BXXS5BYA5 andX916BXXS5BYA5 respectively.

Advertisement

Looking ahead, Samsung is expected to release a major One UI 7 update in the next couple of months. The update will bring a new look and feel to the Galaxy Tab S9 series, with smoother animations and new AI features for a more advanced user experience.

If you have a Galaxy Tab S9 device in Europe, you can check for the new update by going to Settings >> Software update >> Download and install. It’s important to keep your device updated to ensure it is secure and running smoothly.

February 2025 update now hitting non-One UI 7 Beta Galaxy S24 models in Europe

Continue Reading

Updates

February 2025 update now hitting non-One UI 7 Beta Galaxy S24 models in Europe

Published

on

By

Galaxy S24 Ultra February 2025 patch

After Korea and the US, Samsung is expanding the February 2025 security update for the Galaxy S24 series in Europe. The update improves the security and stability by fixing a bunch of issues to provide a better experience.

The latest security update for the Galaxy S24 series is based on Android 14 with One UI 6.1. This update is available for all users who are not part of the One UI 7 beta program. Beta testers can expect to receive the upcoming One UI 7 Beta 4 update in the coming days.

February 2025 security update for Galaxy S24 series in Europe arrives with One UI build versions given below.

  • S928BXXS4AYB2 – Galaxy S24
  • S926BXXS4AYB2 – Galaxy S24 Plus
  • S921BXXS4AYB2 – Galaxy S24 Ultra

Users will have to download around a 470MB package to install the update. Samsung is continuously working to make it available for all models.

Samsung Galaxy S24 Ultra

Samsung Galaxy S24 Ultra (Credit – Sammyfans)

Samsung’s February 2025 security patch fixes one critical and 34 high-level CVEs for Android, with two CVEs not relevant to Galaxy devices. The update also includes seven SVE items to improve user experience, addressing issues in the Samsung Find app, Android settings, and more.

Users are advised to install the update promptly to benefit from the improved security measures. For those who have not received an update notification, the update can be manually checked and installed.

To install the update, open the smartphone’s settings, select ‘Software Update’, and then ‘Download and install’. Following these steps will ensure that your Galaxy smartphone is up-to-date with the latest security protections.

Advertisement

Samsung Galaxy S24 series gets February 2025 security patch ahead of stable One UI 7

Continue Reading

Updates

Samsung Galaxy A73 5G gets February 2025 security update amid One UI 7 internal testing

Published

on

By

Samsung Galaxy A73

Following the Galaxy A34 5G smartphone, Samsung has started releasing the February 2025 security update for the Galaxy A73 5G smartphone. The update is currently rolling out in some Asian countries including Malaysia and the company will expand it soon to more countries.

One UI 7 has been under internal testing for Galaxy A73 5G for a long time. Earlier, several testing builds had appeared online, showing that the company is working on a major update for this device. While the company has not officially confirmed the release date, the One UI 7 update for Galaxy A73 is expected to roll out after the stable update release for the Galaxy S24 series.

Right now, users of the Samsung Galaxy A73 5G smartphone can download the February 2025 security update, making their device ready for future updates. The update arrives with a One UI build version A736BXXSAEYB2. 

Samsung Galaxy A73 February 2025 update

Notably, the February 2025 security patch addresses one critical and 34 high-level CVEs impacting the Android operating system. However, two of these CVEs are not applicable to Galaxy devices.

In addition to the patches provided by Google, Samsung has introduced 7 SVE items to enhance the user experience. This latest update resolves several issues, including those related to the Samsung Find app, the Android Application Component in Settings, and others for improved device security and performance.

Advertisement

To check for software updates manually, head toward your phone’s Settings. At the bottom, you will get the Software Update section, simply open it. Inside the submenu, you need to hit the Download and Install button if your Galaxy fetches a new OTA.

Samsung, where is One UI 7 update? At least give us a timeline to wait

Continue Reading

Most Popular