Samsung has officially published the September 2022 security patch details for Galaxy devices, listing which bugs, CVEs and SVEs will be fixed. The company is rolling out maintenance releases for flagship Galaxy devices as part of the Monthly Security Maintenance Release (SMR) process.
In addition to the CVE fixes from Google, the September 2022 update also includes various SVE items from Samsung. The company detailed which Android OS bugs (CVEs) and One UI bugs (SVEs) will be fixed by the security updates rolling out throughout the month.
September SMR CVE Items
Samsung’s September 2022 security update for Galaxy devices includes fixes for 21 high-severity and 3 moderate-severity CVEs. The company lists no critical-severity CVEs this month. In addition, 2 CVEs were already fixed in previous updates and 4 are not applicable to Samsung devices.
Critical
- None
High
- CVE-2021-39815, CVE-2022-20122, CVE-2021-0947, CVE-2021-0946, CVE-2021-0698, CVE-2021-0887, CVE-2021-0891, CVE-2021-30259, CVE-2022-22062, CVE-2022-22070, CVE-2022-22067, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990, CVE-2022-25314, CVE-2022-20218, CVE-2022-20392, CVE-2022-20393, CVE-2022-20395, CVE-2022-20398, CVE-2022-20396
Moderate
- CVE-2022-20197, CVE-2020-0500, CVE-2020-0293
Already included in previous updates
- CVE-2022-22080, CVE-2022-20239
Not applicable to Samsung devices
- CVE-2022-22061, CVE-2022-22069, CVE-2022-22059, CVE-2022-25668
September SMR SVE Items
In addition to Google’s CVE items, the South Korean tech giant also included 29 Samsung Vulnerabilities and Exposures (SVE) items to boost its customers’ confidence in the security of Galaxy phones and tablets. The disclosed SVE items are listed below.
SVE-2022-1254(CVE-2022-36847):
- Use after free vulnerability in mtp_send_signal function of MTP driver
SVE-2022-1249(CVE-2022-36849):
- Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver
SVE-2022-1086(CVE-2022-36845), SVE-2022-1083(CVE-2022-36841), SVE-2022-1082(CVE-2022-36844), SVE-2022-1081(CVE-2022-36843), SVE-2022-1080(CVE-2022-36860), SVE-2022-1079(CVE-2022-36863), SVE-2022-1077(CVE-2022-36862), SVE-2022-1076(CVE-2022-36842), SVE-2022-1075(CVE-2022-36846), SVE-2022-1074(CVE-2022-36858):
- A heap-based overflow vulnerability in libSDKRecognitionText.spensdk.samsung.so library
SVE-2022-1037(CVE-2022-36854):
- Out of bound read in libapexjni.media.samsung.so
SVE-2022-0934(CVE-2022-36848):
- Improper Authorization vulnerability in setDualDARPolicyCmd
SVE-2022-0899(CVE-2022-36852):
- Improper Authorization vulnerability in Video Editor
SVE-2022-0853(CVE-2022-36861):
- Custom permission misuse in SystemUI
SVE-2022-0815(CVE-2022-36853):
- Intent redirection in Photo Editor
SVE-2022-0803(CVE-2022-36856):
- Improper access control vulnerability in Telecom application
SVE-2022-0706(CVE-2022-36857):
- Improper Authorization vulnerability in Photo Editor
SVE-2022-0702(CVE-2022-36850):
- Path traversal vulnerability in CallBGProvider
SVE-2022-0619(CVE-2022-36855):
- Use After Free vulnerability in iva_ctl driver
Samsung mentioned that some of the SVE items included in the Samsung Android Security Update are not disclosed at this time.