Samsung has not yet begun distributing its latest monthly update to eligible devices, but it has officially published the December 2023 Android security patch details, revealing the fixes and improvements that the latest software update carries for Galaxy devices.
According to the information, Samsung’s December 2023 security patch brings fixes for 7 critical and 43 high-severity CVEs for the Android operating system. In addition, Samsung provides fixes for 16 Samsung Vulnerabilities and Exposures (SVE) items to improve user experience.
The latest security patch mends dozens of issues related to improper access control in KnoxCustom service and KnoxCustomManagerService. Additionally, Samsung Semiconductor provided patches for two moderate issues.
December 2023 Security Patch Bulletin
Critical
- CVE-2023-21671, CVE-2023-28574, CVE-2023-22388, CVE-2023-33045, CVE-2023-40077, CVE-2023-40076, CVE-2023-40088
High
- CVE-2023-28469, CVE-2023-20702, CVE-2023-32835, CVE-2023-32834, CVE-2023-33031, CVE-2023-33059, CVE-2023-33055, CVE-2023-33074, CVE-2023-28545, CVE-2023-24852, CVE-2023-33048, CVE-2023-33056, CVE-2023-33047, CVE-2023-33061, CVE-2023-40079, CVE-2023-40089, CVE-2023-40091, CVE-2023-40095, CVE-2023-40096, CVE-2023-40103, CVE-2023-45774, CVE-2023-45777, CVE-2023-21267, CVE-2023-40073, CVE-2023-40092, CVE-2023-40074, CVE-2023-40075, CVE-2023-40078, CVE-2023-40080, CVE-2023-40082, CVE-2023-40084, CVE-2023-40087, CVE-2023-40090, CVE-2023-40097, CVE-2023-45773, CVE-2023-45775, CVE-2023-45776, CVE-2023-35668, CVE-2023-40083, CVE-2023-21394, CVE-2023-40098, CVE-2023-45781, CVE-2023-40094(A-288896339, A-307719731)
Moderate
- None
Already included in previous updates
- CVE-2023-28556
Not applicable to Samsung devices
- CVE-2023-32836, CVE-2023-32837, CVE-2023-32832, CVE-2023-40081
One UI Patch Details
Samsung also addressed 16 issues specific to its devices, such as improper access control in knoxcustom service and KnoxCustomManagerService. Additionally, Samsung Semiconductor provided patches for two moderate issues.
- SVE-2023-1700(CVE-2023-42570): Improper access control vulnerability in KnoxCustomManagerService
- SVE-2023-1694(CVE-2023-42564): Improper access control in knoxcustom service
- SVE-2023-1621(CVE-2023-42563): Integer overflow vulnerability in libFacePreProcessingjni.camera.samsung.so
- SVE-2023-1620(CVE-2023-42562): Integer overflow vulnerability in libFacePreProcessingjni.camera.samsung.so
- SVE-2023-1488(CVE-2023-42569): Improper authorization verification vulnerability in AR Emoji
- SVE-2023-1480(CVE-2023-42561): Out-of-bounds write vulnerability in bootloader
- SVE-2023-1452(CVE-2023-42568): Improper access control vulnerability in SmartManagerCN
- SVE-2023-1440(CVE-2023-42560): Out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so
- SVE-2023-1430(CVE-2023-42559): Improper exception management vulnerability in Knox Guard
- SVE-2023-1393(CVE-2023-42558): Out of bounds write vulnerability in HDCP in HAL
- SVE-2023-1374(CVE-2023-42557): Out-of-bound write vulnerability in libIfaaCa
- SVE-2023-1350(CVE-2023-42567): Improper size check vulnerability in softsimd
- SVE-2023-1102(CVE-2023-42566): Out-of-bound write vulnerability in libsavsvc
- SVE-2023-1003(CVE-2023-42565): Improper input validation vulnerability in Smart Clip
- SVE-2023-0938(CVE-2023-42556): Implicit intent hijacking vulnerability in Contacts