Samsung May 2023 One UI patch fixes issues of bootloader, Call, App Lock, and more

Samsung has published the details of its May 2023 One UI patch for Galaxy users. This security maintenance release brings fixes for 21 Samsung Vulnerabilities and Exposures (SVE) items along with more than 58 Common Vulnerabilities and Exposures (CVE) items from Google.

Samsung May 2023 One UI patch

SVE-2023-0010 (CVE-2023-21489)

Out-of-bounds write vulnerability in bootloader

A heap out-of-bounds write vulnerability in the bootloader before SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code on Galaxy devices running Android 11/12/13 with a Qualcomm processor onboard. The May 2023 release adds proper boundary check logic.

SVE-2022-2946 (CVE-2023-21486, CVE-2023-21485)

Improper export of Android application components in Call Settings

Improper export of Android application components vulnerability in Call Settings allows physical attackers to access some media data stored in the sandbox, which may have affected Galaxy devices running Android 11, 12, and 13. Samsung’s May One UI patch includes a proper solution to the vulnerability.

SVE-2022-2957 (CVE-2023-21487)

Improper access control vulnerability in Telephony framework

Samsung phones on Android OS (v11, v12, and v13) may have been affected by an improper access control vulnerability in the Telephony framework, which lets local attackers change a call setting. The new patch adds a proper permission to protect a receiver.

SVE-2022-2821 (CVE-2023-21484)

Improper access control vulnerability in AppLock

An improper access control vulnerability in AppLock allows local attackers without proper permission to execute a privileged operation on Samsung devices with Android 11, 12, and 13. The May patch adds a permission check.

In addition, Samsung’s latest Galaxy security software brings patches to a handful of more moderate issues related to FactoryTest, Knox Enrollment Service, SemShareFileProvider, ActivityManagerService, ThemeManager, GearManagerStub, Tips, Shannon, Exynos CP chipsets and more.

May 2023 Android patch

Alongside the One UI patches, Samsung’s May 2023 software also includes fixes for Android CVE items discovered and patched by Google. Per the details, it addresses 4 critical, 48 high, and 3 moderate severity CVEs; however, 2 were fixed in the previous release and 1 isn’t applicable to Galaxy devices.

Critical

  • CVE-2022-33231, CVE-2022-33288, CVE-2022-33289, CVE-2022-33302

High

  • CVE-2022-32599, CVE-2022-41757, CVE-2022-38181, CVE-2022-36449, CVE-2022-33917, CVE-2022-42716, CVE-2021-0873, CVE-2021-0884, CVE-2021-0883, CVE-2021-0882, CVE-2021-0881, CVE-2021-0880, CVE-2021-0879, CVE-2021-0878, CVE-2021-0874, CVE-2021-0875, CVE-2021-0876, CVE-2021-0872, CVE-2021-0885, CVE-2022-4696, CVE-2023-20941, CVE-2023-20656, CVE-2023-20654, CVE-2023-20652, CVE-2023-20653, CVE-2023-20657, CVE-2022-33269, CVE-2023-21630, CVE-2022-33270, CVE-2022-40503, CVE-2022-47335, CVE-2022-47336, CVE-2022-47338, CVE-2022-47337, CVE-2021-39617, CVE-2022-20338, CVE-2023-20993, CVE-2023-21109, CVE-2023-21117, CVE-2023-20914, CVE-2023-21104, CVE-2023-20930, CVE-2023-21110, CVE-2022-20444, CVE-2023-21112, CVE-2023-21118, CVE-2023-21103, CVE-2023-21111

Moderate

  • CVE-2022-22706, CVE-2023-21116, CVE-2023-0266

Already included in previous updates

  • CVE-2023-20655, CVE-2022-40532

Not applicable to Samsung devices

  • CVE-2023-21107

James is the lead content creator on Sammy Fans and mostly works on Samsung's firmware section. His first phone was the Galaxy S4, and he continues to get new S series devices. Most of the time, James tries to learn about new technologies and gadgets, but he also sneaks a bit of free time to nearby rivers and nature.