Samsung
Samsung Unveils December 2024 Security Patch Details
We are on the 3rd day of December 2024, and Samsung has officially announced the details of the security patch for Galaxy devices for the last month of the year. This patch improves the system’s security and stability to enhance the overall experience.
According to the scope page, the December 2024 security patch addresses more than 45 security vulnerabilities. It includes patches for both Google and Samsung-specific issues, helping to protect devices from threats.
Google patches in this update cover six critical vulnerabilities and 28 high-level ones. There is also 1 issue that was previously fixed in earlier updates and another that is not applicable to Samsung devices.
In addition to the Google patches, Samsung has addressed 2 high-level vulnerabilities in its semiconductor products. Along with these fixes, Samsung has also provided 8 patches under its Samsung Vulnerabilities and Exposures (SVE) items. These focus on issues with the Theme Center, Galaxy Watch Bluetooth, SmartSwitch, and Dex Mode.
Although Samsung has not yet begun rolling out the December 2024 security patch to Galaxy devices, it will be available soon to all eligible devices.
Samsung December 2024 Security Update Details
Critical
- CVE-2024-38408, CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, CVE-2024-49748
High
- CVE-2024-34747, CVE-2024-40671, CVE-2024-34729, CVE-2024-31337, CVE-2023-35659, CVE-2023-35686, CVE-2024-23715, CVE-2024-36978, CVE-2024-46740, CVE-2024-20106, CVE-2024-20104, CVE-2024-23385, CVE-2024-38403, CVE-2024-38424, CVE-2024-38415, CVE-2024-38423, CVE-2024-38421, CVE-2024-21455, CVE-2024-43047, CVE-2024-38405, CVE-2024-43762, CVE-2024-43764, CVE-2024-43769, CVE-2024-43767, CVE-2024-43097, CVE-2024-43768, CVE-2024-43766, CVE-2024-43763
Moderate
- None
Already included in previous updates
- CVE-2024-38402
Not applicable to Samsung devices
- CVE-2024-38422
Samsung Semiconductor
High
- CVE-2024-39343, CVE-2024-39890
Samsung
- SVE-2024-1485(CVE-2024-49410): Out-of-bounds write in libswmfextractor.so
- SVE-2024-1808(CVE-2024-49411): Path Traversal in ThemeCenter
- SVE-2024-1845(CVE-2024-49415): Out-of-bound write in libsaped.so
- SVE-2024-1885(CVE-2024-49412): Improper input validation in Settings
- SVE-2024-2044(CVE-2024-49413): Improper Verification of Cryptographic Signature in SmartSwitch
- SVE-2024-2166(CVE-2024-49414): Authentication Bypass Using an Alternate Path in Dex Mode