Updates
Samsung September 2021 Security Patch Details – New Fixes (CVE/SVE)
Though a bit late, but Samsung has finally released its September 2021 One UI security patch details alongside the Android patches by Google. As always, the newly published security bulletin brings detailed information including different levels of CVEs such as critical, high and moderate as well as Samsung SVEs.
If we go with Samsung’s official Firmware Updates support page, the September 2021 security patch comes with fixes for 3 critical, 29 high, and 14 moderate CVEs from Google. At the same time, 2 CVEs had already been included in previous updates, while 9 are not applicable on Galaxies.
Below, you can see the CVEs that will be fixed on your Samsung Galaxy device after upgrading to September 2021 security patch.
Critical
- CVE-2021-1972, CVE-2021-1976, CVE-2021-0687
High
- CVE-2021-28375, CVE-2020-14381, CVE-2021-0582, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-30261, CVE-2021-30260, CVE-2021-1939, CVE-2021-1947, CVE-2021-1904, CVE-2021-0639, CVE-2019-10581, CVE-2021-0518, CVE-2021-0595, CVE-2021-0683, CVE-2021-0684, CVE-2021-0685, CVE-2021-0688, CVE-2021-0686, CVE-2021-0689, CVE-2021-0690, CVE-2021-0598, CVE-2021-0692, CVE-2021-0428, CVE-2021-0644, CVE-2021-0682, CVE-2021-0693
Moderate
- CVE-2021-0565, CVE-2021-0556, CVE-2021-0562, CVE-2021-0566, CVE-2021-0536, CVE-2021-0537, CVE-2021-0538, CVE-2021-0539, CVE-2021-0547, CVE-2021-0548, CVE-2021-0553, CVE-2021-0549, CVE-2021-0552, CVE-2021-0691
Already included in previous updates
- CVE-2021-3347, CVE-2021-0564
Not applicable to Samsung devices
- CVE-2021-1919, CVE-2021-1916, CVE-2021-1920, CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-1914, CVE-2021-1978, CVE-2020-3633
Join Sammy Fans on Telegram
Aside from CVE fixes, Samsung also offers additional security improvements, better known as SVE, especially for the Galaxy consumers. This month, the company bringing repairs for 23 Samsung Vulnerabilities and Exposures (SVE) items. (Some of them mentioned below)
SVE-2021-21619 (CVE-2021-25457): Kernel Information Disclosure in the Vision DSP Kernel Driver
Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
- An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
- The patch adds proper input validation in DSP driver.
SVE-2021-21943 (CVE-2021-25450): Path traversal vulnerability in FactoryAirCommandManager
Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
- The patch addresses incorrect implementation of file path validation check logic.
SVE-2021-22094 (CVE-2021-25449): Arbitrary code execution on mediaextractor process
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
- The patch adds proper input check to prevent buffer overflow.
SVE-2021-21959 (CVE-2021-25452): Kernel Permanent Denial of Service Vulnerability in the Vision DSP Kernel Driver
Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
- An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
- The patch adds proper input check to prevent loading unintended file in path.
SVE-2021-21041 (CVE-2021-25453): Leak Bluetooth information through Broadcast in Bluetooth app
Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
- The patches add proper access control to prevent Bluetooth information leak.
SVE-2021-21620 (CVE-2021-25458): NULL pointer dereference vulnerability in the ION Driver
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
- NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
- The patch adds proper input check to prevent null pointer dereference.
SVE-2021-22602 (CVE-2021-25459): Improper access control in BlockChainService
Severity: Moderate
Affected versions: Select Q(10.0), R(11.0)
- An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
- The patch adds the proper permission check to prevent improper access to BlockchainTZService.
SVE-2021-22603 (CVE-2021-25460): Improper access control in BlockChainService
Severity: Moderate
Affected versions: Select Q(10.0), R(11.0)
- An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
- The patch adds the proper permission check to prevent improper access to BlockchainTZService.
SVE-2021-22411 (CVE-2021-25461): APAService Stack Overflow
Severity: Low
Affected versions: O(8.1)
- An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
- The patch adds proper length check in APAService.
SVE-2021-21413 (CVE-2021-25451): Sensitive information disclosure in NetworkPolicyManagerService
Severity: Moderate
Affected versions: P(9.0), Q(10.0), R(11.0)
- A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
- The patch addresses the intent in NetworkPolicyManagerService to prevent unprivileged access.
SVE-2021-22278 (CVE-2021-25454): OOB read vulnerability in ‘libsaacextractor.so’
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
- The patch adds length check code in libsaacextractor library.
SVE-2021-22291 (CVE-2021-25455): OOB read vulnerability in ‘libsaviextractor.so’
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
- The patch adds length check code in libsaviextractor library.
SVE-2021-22343 (CVE-2021-25456): OOB read vulnerability in ‘libswmfextractor.so’
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
- OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
- The patch adds length check code in libswmfextractor library.
SVE-2021-21969 (CVE-2021-25462): Null Pointer Dereference vulnerability in the NPU Driver
Severity: Low
Affected versions: P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
- NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
- The patch adds proper input check to prevent null pointer dereference.
Samsung One UI 3.1.1
Released alongside the Galaxy Z Fold 3 and Galaxy Z Flip 3, the One UI 3.1.1 version is making its way to more and more Galaxy devices through software updates. So far, the company’s every flagship smartphone (including older foldables) has started grabbing the One UI 3.1.1 features.
What about Android 12 One UI 4?
Later last month, Samsung teased that the Android 12-based One UI 4 Beta is coming soon for the Galaxy S21 series smartphone owners in South Korea, the US and Germany. The Beta participation had already begun but the company is yet to deliver the first One UI 4 Beta build to the consumers.
This is going to be a big month for Samsung enthusiasts. In October 2023, Samsung will release new One UI updates, Galaxy FE products (likely to launch on the 4th), and the official One UI 6, powered by the Android 14 operating system.
In particular, October 2023 security updates will be released for plenty of Samsung devices throughout the month. In the first wave, the company’s popular Galaxy devices may be updated with the latest security patches, then the mid-range and budget ones.
Samsung is expected to reveal October 2023 patch details in the first week. We will make changes to this page, as soon as the company refreshes the software support page for Galaxy devices. Follow our socials → Google News, Telegram, X (formerly Twitter), Facebook
Samsung One UI October 2023 Updates List
September 22:
- Samsung already rolled out the October 2023 patch to Galaxy S23 w/ the fourth One UI 6 Beta.
The second Beta of One UI 6 brought the September 2023 security patch to the Galaxy S23 series in late August. At the same time, Samsung is rolling out the September 2023 updates to a range of Galaxy devices, and the patch details went live on the 5th.
Samsung officially disclosed that its September 2023 updates will be rolled out for a number of Galaxy devices. The company includes common vulnerability exposure items by Google in its Galaxy software along with additional Samsung vulnerability exposures.
Follow our socials → Google News, Telegram, X (formerly Twitter), Facebook
September 2023 Bulletin:
Android 14 & One UI 6:
Google has reportedly postponed the official launch of Android 14 by a month. Reports claim that there are a few vulnerabilities that are delaying the Stable OS release, and the launch could happen on October 4. Meanwhile, Samsung has been running the One UI 6 Beta Program since the last month.
Samsung One UI September 2023 Updates List
September 30
- Samsung Galaxy Galaxy A32, Galaxy A21s, Galaxy A02, and Galaxy M02 are getting a September 2023 update to enhance system security.
September 28
- September 2023 security update now available for for Galaxy A52s smartphone with a huge package size.
September 27
- Samsung Galaxy Z Fold 2 getting a new update with September 2023 update
- September 2023 update rolling out for Samsung Galaxy M32 smartphone.
September 25
- Samsung Galaxy S20, Galaxy S20 Plus, and Galaxy S20 Ultra smartphones are getting a September 2023 security update.
- Samsung Galaxy A72 users are getting a new huge update with a September 2023 security patch.
- Samsung is rolling out a new update for Galaxy S21, Galaxy S21 Plus, and Galaxy S21 Ultra, which installs the latest Android security patch released in September 2023.
September 21:
- Samsung has begun rolling out the September 2023 security update for Galaxy A54 5G smartphone users.
- Samsung has started releasing a September 2023 security update for Galaxy A03s smartphone.
September 19:
- Samsung has finally started releasing a new update for Galaxy S21 FE, which brings the latest Android security patch released in September 2023.
September 18:
- Samsung is rolling out a new update with the September 2023 update for the Galaxy A71 smartphone.
- Samsung is sending a new update for Galaxy A53 5G smartphone users, which installs the latest Android security patch released in September 2023.
September 17:
- The Galaxy A52 4G smartphone is getting a new update with September 2023 security patch to improve system security
September 16:
- Samsung has begun releasing the September 2023 security update for Galaxy S20 FE users
September 15:
- Samsung begins rolling out a new software update for the Galaxy A32 5G in the US.
September 14:
- Samsung is sending a new update with the September 2023 update for the Galaxy A13 5G smartphone in the US.
- Samsung Galaxy S23, Galaxy S23 Plus, and Galaxy S23 Ultra are getting the September 2023 security update in Europe.
- The Galaxy Z Flip 3 and Galaxy Z Flip are getting the September 2023 security update for unlocked models in the US
September 13:
- Samsung is releasing September 2023 security update for Galaxy S23 series, Galaxy A52 4G, Galaxy A72, and Galaxy Z Fold 2 smartphones
- Samsung has started rolling out a new update with a September 2023 security patch for Galaxy Z Fold 5 and Galaxy Z Flip 5
September 12:
- Samsung has pushed a September 2023 security update for Galaxy Note 20, Note 20 Ultra, Z Fold 3 and Z Fold 4
September 7:
- Galaxy S23 and Galaxy S22 series received the latest security patch on One UI 5.1 software.
September 5:
- September 2023 patch rolled out for Galaxy A14 5G, making it the first Samsung phone to get the update on Stable channel.
August 31:
- Samsung’s September 2023 patch is already out for Galaxy S23 One UI 6 Beta participants
Samsung already rolled out a September 2023 security update for a bunch of Galaxy devices and the company is now making it available for 4 more Galaxy smartphones – Galaxy A32, Galaxy A21s, Galaxy A02, and Galaxy M02. The latest update improves system security and stability by installing the latest Android security patch.
September 2023 security patch mends over 60 flaws, which are mainly related to Samsung Keyboard, Dual Messenger, Knox AI, Phone and Messaging Storage, One UI Home, Weather, and more.
Latest Firmware:
- Galaxy A32 5G – A326U1UESBDWI1
- Galaxy A21s – A217FXXSADWI1
- Galaxy A02 – A022GDXS3BWH1
- Galaxy M02 – M022FXXS3BWH1
How to Update:
If you have received the notification of the update then install it now to get a bug-free experience. You can also check the update by visiting the Settings app on your smartphone and opening the Software Update section.
Now, click on the Download and install option. If any update is available, you can follow the on-screen instructions to install the update on your Galaxy smartphone.
