
Samsung December 2021 security patch details out!


Over the past two weeks, Samsung updated various Galaxy devices to the December 2021 security patch, and the details of its contents have just been released. With the latest security patch update, the company is bringing fixes for 5 critical, 22 high and 3 moderate CVEs from Google.

Among Google’s latest CVE fixes, Samsung had already patched 1 issue in the previous security release, while 3 of them are not applicable to Galaxy devices. You can check the Samsung December 2021 security patch update details below, followed by the additional SVE fixes.


Critical

  • CVE-2021-1924, CVE-2021-1975, CVE-2021-0967(P9.0), CVE-2021-0968, CVE-2021-0956

High

  • CVE-2021-1979, CVE-2021-30255, CVE-2021-1921, CVE-2021-1973, CVE-2021-0929, CVE-2021-0920, CVE-2021-30284, CVE-2021-30254, CVE-2021-1982, CVE-2021-1981, CVE-2021-1048, CVE-2021-0955, CVE-2021-0970, CVE-2021-0704, CVE-2021-0967(Q10,R11,S12), CVE-2021-0964, CVE-2021-0953, CVE-2021-0954, CVE-2021-0963, CVE-2021-0965, CVE-2021-0952, CVE-2021-0966

Moderate

  • CVE-2021-0958, CVE-2021-0969, CVE-2021-1903

Already included in previous updates

  • CVE-2021-0924

Not applicable to Samsung devices

  • CVE-2021-0672, CVE-2021-0889, CVE-2021-0927

In addition to the CVE fixes from Google, Samsung brought 18 SVE items, which are described below, to improve customers’ confidence in the security of Samsung Mobile devices. Some of the SVE items may not be included in this package as these items were already included in a previous maintenance release.

  • SVE-2021-22920: AMPDU sequence number attack
  • SVE-2021-20291 (CVE-2021-25516): Not standard-compliant behavior on handling RRC MeasurementReport message
  • SVE-2021-23037 (CVE-2021-25513): Information leak in lockscreen
  • SVE-2021-23271 (CVE-2021-25514): Intent redirection vulnerability in Tags
  • SVE-2021-23088 (CVE-2021-25515): BSSID exposure in SemRewardManager
  • SVE-2021-23076 (CVE-2021-25510, CVE-2021-25511): Camera privilege escalation and arbitrary file write in FilterProvider (system_app) in Samsung Device
  • SVE-2021-22943 (CVE-2021-25519): CPLC information exposure vulnerability
  • SVE-2021-23031 (CVE-2021-25512): Possible to launch any activities via LaunchAnyWhere vulnerability
  • SVE-2021-23016 (CVE-2021-25518): Arbitrary memory/register write in secure_log of BL31 and LDFW
  • SVE-2021-22719 (CVE-2021-25517): Loadable firmwares can be overwritten at runtime