Samsung releases September 2022 Security Maintenance Release details

Samsung has now officially published the September 2022 security patch details for Galaxy devices, detailing which bugs, CVEs and SVEs will be fixed. The company is rolling out maintenance releases for flagship Galaxy devices as part of the Monthly Security Maintenance Release (SMR) process.

In addition to the CVE fixes from Google, the September 2022 update also includes various SVE items from Samsung. The company detailed which Android OS bugs (CVEs) and One UI bugs (SVEs) will be fixed by the latest security updates throughout the month.

September SMR CVE Items

Samsung’s September 2022 security update for Galaxy devices addresses 21 high-severity and 3 moderate-severity CVEs. The company's list contains no critical-severity CVEs. In addition, 2 CVEs were already fixed in previous updates and 4 are not applicable to Samsung devices.

Critical

  • None

High

  • CVE-2021-39815, CVE-2022-20122, CVE-2021-0947, CVE-2021-0946, CVE-2021-0698, CVE-2021-0887, CVE-2021-0891, CVE-2021-30259, CVE-2022-22062, CVE-2022-22070, CVE-2022-22067, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990, CVE-2022-25314, CVE-2022-20218, CVE-2022-20392, CVE-2022-20393, CVE-2022-20395, CVE-2022-20398, CVE-2022-20396

Moderate

  • CVE-2022-20197, CVE-2020-0500, CVE-2020-0293

Already included in previous updates

  • CVE-2022-22080, CVE-2022-20239

Not applicable to Samsung devices

  • CVE-2022-22061, CVE-2022-22069, CVE-2022-22059, CVE-2022-25668

September SMR SVE Items

In addition to Google’s CVE items, the South Korean tech giant also included 29 Samsung Vulnerability and Exposure (SVE) items to boost its customers’ confidence in the security of Galaxy phones and tablets. You can see the SVE list below.

SVE-2022-1254(CVE-2022-36847):

  • Use after free vulnerability in mtp_send_signal function of MTP driver

SVE-2022-1249(CVE-2022-36849):

  • Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver

SVE-2022-1086(CVE-2022-36845), SVE-2022-1083(CVE-2022-36841), SVE-2022-1082(CVE-2022-36844), SVE-2022-1081(CVE-2022-36843), SVE-2022-1080(CVE-2022-36860), SVE-2022-1079(CVE-2022-36863), SVE-2022-1077(CVE-2022-36862), SVE-2022-1076(CVE-2022-36842), SVE-2022-1075(CVE-2022-36846), SVE-2022-1074(CVE-2022-36858):

  • A heap-based overflow vulnerability in libSDKRecognitionText.spensdk.samsung.so library

SVE-2022-1037(CVE-2022-36854):

  • Out-of-bounds read in libapexjni.media.samsung.so

SVE-2022-0934(CVE-2022-36848):

  • Improper Authorization vulnerability in setDualDARPolicyCmd

SVE-2022-0899(CVE-2022-36852):

  • Improper Authorization vulnerability in Video Editor

SVE-2022-0853(CVE-2022-36861):

  • Custom permission misuse in SystemUI

SVE-2022-0815(CVE-2022-36853):

  • Intent redirection in Photo Editor

SVE-2022-0803(CVE-2022-36856):

  • Improper access control vulnerability in Telecom application

SVE-2022-0706(CVE-2022-36857):

  • Improper Authorization vulnerability in Photo Editor

SVE-2022-0702(CVE-2022-36850):

  • Path traversal vulnerability in CallBGProvider

SVE-2022-0619(CVE-2022-36855):

  • Use After Free vulnerability in iva_ctl driver

Samsung mentioned that some of the SVE items included in the Samsung Android Security Update are not disclosed at this time.
