Updates
Samsung October 2021 Security Patch details are here!
As always, Samsung had already started distributing the October 2021 security patch to its Galaxy devices. However, the company has just released the details of its most up-to-date security update, which mentions fixes for dozens of CVEs and SVEs from Google and Samsung.
According to Samsung, its October 2021 security patch update brings fixes for 6 critical levels of CVEs namely CVE-2021-1886, CVE-2021-1889, CVE-2021-1888, CVE-2021-1890, CVE-2021-1933, and CVE-2021-1946. However, it also includes fixes for 24 high and 12 moderate levels of CVEs from Google.
Join SammyFans on Telegram | Twitter | Facebook
At the moment, Samsung Mobile is rolling out a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. To be mentioned, this Security Maintenance Release package includes patches from Google and Samsung.
Samsung October 2021 security patch contains the following CVE items:
Critical
- CVE-2021-1886, CVE-2021-1889, CVE-2021-1888, CVE-2021-1890, CVE-2021-1933, CVE-2021-1946
High
- CVE-2021-1923, CVE-2021-1909, CVE-2021-1935, CVE-2021-1952, CVE-2021-1934, CVE-2021-30290, CVE-2021-30294, CVE-2021-30295, CVE-2021-0695, CVE-2021-1948, CVE-2021-1941, CVE-2021-1974, CVE-2021-1971, CVE-2020-26558, CVE-2021-0703, CVE-2021-0652, CVE-2021-0705, CVE-2021-0708, CVE-2020-15358, CVE-2021-0702, CVE-2021-0651, CVE-2021-0483, CVE-2021-0643, CVE-2021-0706
Moderate
- CVE-2021-0534, CVE-2021-0568, CVE-2021-0554, CVE-2021-0563, CVE-2021-0535, CVE-2021-0543, CVE-2021-0544, CVE-2021-0545, CVE-2021-0546, CVE-2021-0541, CVE-2021-0542, CVE-2021-0551
Already included in previous updates
- CVE-2021-0571
Not applicable to Samsung devices
- CVE-2021-0681, CVE-2021-0680, CVE-2021-0636, CVE-2021-0635, CVE-2021-0540
In addition to the Google patches, Samsung also provides SVE (Samsung Vulnerabilities and Exposures) items, some of them described below.
SVE-2021-22636 (CVE-2021-25485): Path traversal vulnerability in FactoryAirCommandManager
Severity: High
Affected versions: Q(10.0), R(11.0)
Reported on: July 14, 2021
Disclosure status: Privately disclosed.
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
The patch fixes incorrect implementation of file path validation check logic.
SVE-2021-22658 (CVE-2021-25490): Downgrade attack in Keymaster TA
Severity: High
Affected versions: P(9.0), Q(10.0), R(11.0)
Reported on: July 16, 2021
Disclosure status: Privately disclosed.
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.
The patch removes the legacy implementation for minor keyblob.
SVE-2021-21621 (CVE-2021-25491): Memory corruption vulnerabilities in kernel driver
Severity: Low
Affected versions: Selected P(9.0), Q(10.0), R(11.0) Exynos devices
Reported on: April 27, 2021
Disclosure status: Privately disclosed.
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
The patch adds proper validation logic to prevent null pointer dereference.
SVE-2021-22558 (CVE-2021-25472): Improper access control in BluetoothSettingsProvider
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: July 7, 2021
Disclosure status: Privately disclosed.
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.
The patch adds the proper permission check to prevent improper access to BluetoothSettingsProvider.
SVE-2021-21958 (CVE-2021-25467): Kernel Local Privilege Escalation in the Vision DSP Kernel Driver
Severity: Moderate
Affected versions: R(11.0) devices with Exynos 980, 9830, 2100
Reported on: May 25, 2021
Disclosure status: Privately disclosed.
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.
The patch adds proper boundary check to prevent buffer overflow.
SVE-2021-21904 (CVE-2021-25468): Arbitrary read in the Widevine TA
Severity: High
Affected versions: Select Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: June 2, 2021
Disclosure status: Privately disclosed.
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
The patch adds the proper validation logic to prevent guessing a byte memory.
SVE-2021-21905 (CVE-2021-25469): Stack-based buffer overflow in the Widevine TA
Severity: High
Affected versions: Select Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: June 2, 2021
Disclosure status: Privately disclosed.
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.
The patch adds proper boundary check and input validation to prevent buffer overflow.
SVE-2021-22065 (CVE-2021-25470): TEE can be compromised through the Widevine TA
Severity: Critical
Affected versions: Select P(9.0), Q(10.0), R(11.0) devices with Exynos and Mediatek chipsets
Reported on: June 2, 2021
Disclosure status: Privately disclosed.
An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.
The patch addresses the caller check logic to prevent illegal use of SMC call.
SVE-2021-21906 (CVE-2021-25476): Pointer leak in Widevine TA
Severity: Moderate
Affected versions: Select Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: May 20, 2021
Disclosure status: Privately disclosed.
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.
The patch fixes the problematic code.
SVE-2021-22327 (CVE-2021-25471): Possible replay attack before attach procedure completion
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0) devices with Exynos CP chipsets
Reported on: June 27, 2021
Disclosure status: Privately disclosed.
A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.
The patch prevents replay attack by using NAS count.
SVE-2021-22412 (CVE-2021-25483): OOB read in libsflvextractor library
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: July 2, 2021
Disclosure status: Privately disclosed.
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
The patch adds proper boundary check to prevent out of bounds read.
SVE-2021-22215 (CVE-2021-25484): Unauthorized access in InputManagerService
Severity: Moderate
Affected versions: O(8.1 go), Q(10.0 go), R(11.0 go)
Reported on: June 14, 2021
Disclosure status: Privately disclosed.
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
The patch adds proper permission check logic in Android GO branches
SVE-2021-22360 (CVE-2021-25473): Local permanent denial of service in SystemUI
Severity: Moderate
Affected versions: R(11.0)
Reported on: June 28, 2021
Disclosure status: Privately disclosed.
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
The patch adds proper exception handling to prevent crash.
SVE-2021-22361 (CVE-2021-25474): Local permanent denial of service in SystemUI
Severity: Moderate
Affected versions: Q(10.0), R(11.0)
Reported on: June 28, 2021
Disclosure status: Privately disclosed.
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
The patch adds proper exception handling to prevent crash.
SVE-2021-20329 (CVE-2021-25486): Exposure of information vulnerability in ipcdump
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: January 16, 2021
Disclosure status: Privately disclosed.
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.
The patch enforces access control of ipcdump.
SVE-2021-21957 (CVE-2021-25475): Kernel Local Privilege Escalation in the Vision DSP Kernel Diver
Severity: Moderate
Affected versions: Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets
Reported on: May 25, 2021
Disclosure status: Privately disclosed.
A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
The patch adds proper boundary check to prevent buffer overflow.
SVE-2021-22199 (CVE-2021-25477): Baseband MCCH Double Free
Severity: High
Affected versions: Select P(9.0), Q(10.0), R(11.0) devices with MT6765,MT6853,MT6762 chipsets.
Reported on: June 11, 2021
Disclosure status: Privately disclosed.
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.
The patch fixes the problematic code.
SVE-2021-22665 (CVE-2021-25487): Arbitrary code execution via OOB read in modem interface driver
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) Exynos devices
Reported on: July 16, 2021
Disclosure status: Privately disclosed.
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
The patch adds proper boundary check to prevent out of bounds read.
SVE-2021-22666 (CVE-2021-25488): OOB read in modem interface driver
Severity: Moderate
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) Exynos devices
Reported on: July 16, 2021
Disclosure status: Privately disclosed.
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
The patch adds proper boundary check to prevent out of bounds read.
SVE-2021-22051 (CVE-2021-25478): LTE RRC Connection Reconfiguration Stack Bufferoverflow
Severity: Critical
Affected versions: Select O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: June 1, 2021
Disclosure status: Privately disclosed.
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
The patch adds proper boundary check to prevent buffer overflow.
SVE-2021-22079 (CVE-2021-25479): LTE RRC Reconfiguration Heap-based Bufferoverflow
Severity: Critical
Affected versions: Select O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: June 3, 2021
Disclosure status: Privately disclosed.
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
The patch adds proper boundary check to prevent buffer overflow.
SVE-2021-22324 (CVE-2021-25480): Replayed GUTI REALLOCATION COMMAND accepted after SECURITY MODE COMMAND
Severity: High
Affected versions: O(8.x), P(9.0), Q(10.0), R(11.0) devices with Qualcomm chipsets
Reported on: June 27, 2021
Disclosure status: Privately disclosed.
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.
The patch adds proper check when a GUTI REALLOCATION COMMAND message is being reused.
SVE-2021-22403 (CVE-2021-25481): Baseband secure range can be disabled though an IOCTL
Severity: Moderate
Affected versions: Select O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets
Reported on: July 1, 2021
Disclosure status: Privately disclosed.
An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.
The patch fixes the problematic code.
SVE-2021-22563 (CVE-2021-25482): Multiple SQL Injection vulnerabilities in privileged content provider ‘com.samsung.android.cmfa.framework.provider.CmfaProvider’
Severity: Moderate
Affected versions: R(11.0)
Reported on: July 7, 2021
Disclosure status: Privately disclosed.
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.
The patch adds proper access control for the CMFA Provider in CMFA framework.
SVE-2021-22667 (CVE-2021-25489): Format string bug in modem interface driver
Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0) Exynos devices
Reported on: July 16, 2021
Disclosure status: Privately disclosed.
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
The patch addressed the issue.
Some SVE items included in the Samsung October 2021 Android Security Patch Update cannot be disclosed at this time.
Samsung
Verizon US brings September 2024 update to Galaxy S21 series
Samsung Galaxy S21, Galaxy S21 Plus, and Galaxy S21 Ultra users are getting the September 2024 security update on the Verizon network carrier in the US. The update installs the latest Android security patch to improve system security and stability. This update is already live in Europe and the company will soon make it available in more countries.
Users of the Samsung Galaxy S21 series can verify the September 2024 security update on Verizon US through One UI builds given below:
- G991USQSCGXH2 – Galaxy S21
- G996USQSCGXH2 – Galaxy S21 Plus
- G998USQSCGXH2 – Galaxy S21 Ultra
This latest update makes your device run better by fixing a bunch of security flaws. It resolves 1 critical issue and 43 high-level ones. Notably, 1 of these was fixed in past updates, and 1 isn’t related to Galaxy devices.
Moreover, Samsung is also rolling out 23 additional fixes for things like My Files, Theme Center, One UI Home, Knox, and Dex. Overall, the update makes your device more stable, secure, and reliable.
If you have received the notification of the update then install it now to get a bug-free experience. You can also check the update by visiting the Settings app on your smartphone and opening the Software Update section.
Now, click on the Download and install option. If any update is available, you can follow the on-screen instructions to install the update on your Galaxy smartphone.
Galaxy S21 series starts getting September 2024 security update
Samsung
US Galaxy S20 FE grabs September 2024 security update [Verizon]
Samsung has released the September 2024 security update for the Galaxy S20 FE, making the phone more secure and stable. The update is currently available on the Verizon network carrier in the US and will be rolled out to other countries soon.
September 2024 update focuses on improving security by fixing a number of issues. It addresses 1 critical problem and 43 high-level security issues. Additionally, there were 1 CVE (Common Vulnerability and Exposure) fixed in previous updates, and 1 CVE that does not affect Galaxy devices.
Moreover, Samsung is also adding 23 of its own security fixes, which fixes problems related to My Files, Theme Center, One UI Home, Knox, and Dex.
This new update aims to enhance the overall experience of using your Galaxy S20 FE by fixing these issues and improving system performance. However, since this is an initial rollout, it might take some time before it reaches all eligible devices.
September 2024 security update for Galaxy S20 FE smartphone comes with version number G781VSQSGHXH3 in the US. The update is about 232.11MB in size.
To check if the update is available for your phone, go to the Settings menu on your device. Scroll down to the Software Update section, open it, and then tap the “Download and Install” button. If the update is available for your device, it will start downloading and installing.
Samsung
Galaxy S21 series starts getting September 2024 security update
Samsung recently rolled out the latest security patch to Galaxy Z Fold 6, Galaxy Z Flip 6, Galaxy A55, and Galaxy A14 smartphones. Now, the company is making the September 2024 security update available for the Samsung Galaxy S21 series.
September 2024 security update arrives on Samsung Galaxy S21, Galaxy S21 Plus, and Galaxy S21 Ultra smartphones with One UI builds G991BXXSCGXH7, G996BXXSCGXH7 and G998BXXSCGXH7 respectively.
The fresh security update is currently live in European countries including Switzerland and the company will soon expand it. It is an initial rollout so it may take some hours or days to reach all eligible models. The installation package size of this update is around 270MB.
Samsung Galaxy S21 September 2024 security update – Switzerland (Europe) #Samsung #GalaxyS21 pic.twitter.com/JuHNC0Z2fp
— Samsung Software Updates (@SamsungSWUpdate) September 13, 2024
The company is dispatching the latest software update with system security improvements to keep your files and data safe on your phone. It also optimizes system stability to offer you uninterrupted and seamless functionality on your device.
It is worth mentioning that September 2024 security patch fixes over 55 issues including CVEs and SVEs from Google and Samsung. These fixes improve various features on your phone, such as My Files, Theme Center, One UI Home, Knox, Dex, and more.
You can check the update by navigating to the device’s Settings, then a Software update, and Download and Install. If you have received the update, install it now to get enhanced features.