Samsung May 2023 One UI patch fixes issues of bootloader, Call, App Lock, and more
Samsung has published the May 2023 One UI patch details for Galaxy users. This security maintenance release brings fixes for 21 Samsung Vulnerabilities and Exposures (SVE) items, along with more than 58 Common Vulnerabilities and Exposures (CVE) items from Google.
Samsung May 2023 One UI patch
SVE-2023-0010 (CVE-2023-21489)
Out-of-bounds write vulnerability in bootloader
A heap out-of-bounds write vulnerability in the bootloader before SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code on Galaxy devices running Android 11/12/13 OS with a Qualcomm processor onboard. The May 2023 release adds proper boundary check logic.
SVE-2022-2946 (CVE-2023-21486, CVE-2023-21485)
Improper export of Android application components in Call Settings
Improper export of Android application components vulnerability in Call Settings allows physical attackers to access some media data stored in the sandbox, which may have affected Galaxy devices running Android 11, 12, and 13. Samsung’s May One UI patch includes a proper solution to the vulnerability.
SVE-2022-2957 (CVE-2023-21487)
Improper access control vulnerability in Telephony framework
Samsung phones on Android OS (v11, v12, and v13) may have been affected by an improper access control vulnerability in the Telephony framework, which lets local attackers change a call setting. Thankfully, the new patch adds proper permission to protect a receiver.
SVE-2022-2821 (CVE-2023-21484)
Improper access control vulnerability in AppLock
Improper access control vulnerability in AppLock allows local attackers without proper permission to execute a privileged operation on Samsung devices with Android 11, 12, and 13. Meanwhile, the May patch adds a permission check.
In addition, Samsung’s latest Galaxy security software brings patches to a handful of more moderate issues related to FactoryTest, Knox Enrollment Service, SemShareFileProvider, ActivityManagerService, ThemeManager, GearManagerStub, Tips, Shannon, Exynos CP chipsets and more.
May 2023 Android patch
Alongside the One UI patches, Samsung’s May 2023 software will also include Android CVE items discovered and patched by Google. Per the details, it solves 4 critical, 48 high and 3 moderate-level CVE items. However, 2 were fixed in the previous release and 1 isn’t applicable to Galaxy devices.
Critical
- CVE-2022-33231, CVE-2022-33288, CVE-2022-33289, CVE-2022-33302
High
- CVE-2022-32599, CVE-2022-41757, CVE-2022-38181, CVE-2022-36449, CVE-2022-33917, CVE-2022-42716, CVE-2021-0873, CVE-2021-0884, CVE-2021-0883, CVE-2021-0882, CVE-2021-0881, CVE-2021-0880, CVE-2021-0879, CVE-2021-0878, CVE-2021-0874, CVE-2021-0875, CVE-2021-0876, CVE-2021-0872, CVE-2021-0885, CVE-2022-4696, CVE-2023-20941, CVE-2023-20656, CVE-2023-20654, CVE-2023-20652, CVE-2023-20653, CVE-2023-20657, CVE-2022-33269, CVE-2023-21630, CVE-2022-33270, CVE-2022-40503, CVE-2022-47335, CVE-2022-47336, CVE-2022-47338, CVE-2022-47337, CVE-2021-39617, CVE-2022-20338, CVE-2023-20993, CVE-2023-21109, CVE-2023-21117, CVE-2023-20914, CVE-2023-21104, CVE-2023-20930, CVE-2023-21110, CVE-2022-20444, CVE-2023-21112, CVE-2023-21118, CVE-2023-21103, CVE-2023-21111
Moderate
- CVE-2022-22706, CVE-2023-21116, CVE-2023-0266
Already included in previous updates
- CVE-2023-20655, CVE-2022-40532
Not applicable to Samsung devices
- CVE-2023-21107