=====================================================================
                            CERT-Renater

                 Information Note No. 2025/VULN027
_____________________________________________________________________

DATE                 : 21/01/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Android 12, 13, 14 devices.

=====================================================================
https://security.samsungmobile.com/securityUpdate.smsb
_____________________________________________________________________

SMR-JAN-2025

Samsung Mobile is releasing a maintenance release for major flagship
models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.

Google patches include patches up to Android Security Bulletin –
January 2025 package. The Bulletin (January 2025) contains the
following CVE items:

Critical:
CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747,
CVE-2024-49748

High:
CVE-2024-43077, CVE-2024-43701, CVE-2024-33056, CVE-2024-33044,
CVE-2024-43052, CVE-2022-42545, CVE-2024-49732, CVE-2024-49735,
CVE-2024-49737, CVE-2024-49738, CVE-2024-49744, CVE-2024-49745,
CVE-2023-40108, CVE-2024-49733, CVE-2023-40132, CVE-2024-49749,
CVE-2024-34722, CVE-2024-34730, CVE-2024-43095, CVE-2024-43765,
CVE-2024-49742, CVE-2024-49734, CVE-2024-43763, CVE-2024-49736

Moderate:
None

Already included in previous updates:
CVE-2024-20125

Not applicable to Samsung devices:
CVE-2024-43048, CVE-2024-33063

※ Please see Android Security Bulletin for detailed information on
Google patches.

Along with Google patches, Samsung Mobile provides 22 Samsung
Vulnerabilities and Exposures (SVE) items described below, in order
to improve our customer’s confidence on security of Samsung Mobile
devices. Samsung security index (SSI), found in “Security software
version”, SMR Jan-2025 Release 1 includes all patches from Samsung
and Google.
Some of the SVE items may not be included in this package, in case
these items were already included in a previous maintenance release.

SVE-2024-0274(CVE-2025-20881): Out-of-bounds write in libsthmbc.so

Severity: High
Affected versions: Android 12, 13, 14
Reported on: February 2, 2024
Disclosure status: Privately disclosed
Out-of-bounds write in accessing buffer storing the decoded video
frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local
attackers to execute arbitrary code with privilege. User interaction
is required for triggering this vulnerability.
The patch adds proper input validation.

SVE-2024-0308(CVE-2025-20882): Out-of-bounds write in libsthmbc.so

Severity: High
Affected versions: Android 12, 13, 14
Reported on: February 7, 2024
Disclosure status: Privately disclosed
Out-of-bounds write in accessing uninitialized memory for svc1td in
libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers
to execute arbitrary code with privilege. User interaction is
required for triggering this vulnerability.
The patch adds proper input validation.

SVE-2024-1217(CVE-2025-20883): Improper access control in SoundPicker

Severity: High
Affected versions: Android 12, 13, 14
Reported on: May 29, 2024
Disclosure status: Privately disclosed
Improper access control in SoundPicker prior to SMR Jan-2025 Release 1
allows physical attackers to access data across multiple user
profiles.
The patch adds proper access control.

SVE-2024-1527(CVE-2025-20884): Improper access control in Samsung
Message

Severity: High
Affected versions: Android 12, 13, 14
Reported on: July 31, 2024
Disclosure status: Privately disclosed
Improper access control in Samsung Message prior to SMR Jan-2025
Release 1 allows physical attackers to access data across multiple
user profiles.
The patch adds proper access control.

SVE-2024-1828(CVE-2025-20885): Out-of-bounds write in softsim TA

Severity: High
Affected versions: Select Android 12, 13, 14 devices
Reported on: September 19, 2024
Disclosure status: Privately disclosed
Out-of-bounds write in softsim TA prior to SMR Jan-2025 Release 1
allows local privileged attackers to cause memory corruption.
The patch adds proper input validation.

SVE-2024-1834(CVE-2025-20886): Inclusion of sensitive information in
test code in softsim TA

Severity: Moderate
Affected versions: Select Android 12, 13, 14 devices
Reported on: September 19, 2024
Disclosure status: Privately disclosed
Inclusion of sensitive information in test code in softsim TA prior
to SMR Jan-2025 Release 1 allows local privileged attackers to get
test key.
The patch removes test code.

SVE-2024-1875(CVE-2025-20893): Improper access control in
NotificationManager

Severity: Moderate
Affected versions: Android 14
Reported on: September 25, 2024
Disclosure status: Privately disclosed
Improper access control in NotificationManager prior to SMR Jan-2025
Release 1 allows local attackers to change the configuration of
notifications.
The patch adds proper access control.

SVE-2024-2153(CVE-2025-20887): Out-of-bounds read in libsthmbc.so

Severity: Moderate
Affected versions: Android 12, 13, 14
Reported on: November 12, 2024
Disclosure status: Privately disclosed
Out-of-bounds read in accessing table used for svp8t in libsthmbc.so
prior to SMR Jan-2025 Release 1 allows local attackers to read
arbitrary memory. User interaction is required for triggering this
vulnerability.
The patch adds proper input validation.

SVE-2024-2154(CVE-2025-20888): Out-of-bounds write in libsthmbc.so

Severity: High
Affected versions: Android 12, 13, 14
Reported on: November 12, 2024
Disclosure status: Privately disclosed
Out-of-bounds write in handling the block size for smp4vtd in
libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers
to execute arbitrary code with privilege. User interaction is
required for triggering this vulnerability.
The patch adds proper input validation.

SVE-2024-2156(CVE-2025-20889): Out-of-bounds read in libsthmbc.so

Severity: Moderate
Affected versions: Android 12, 13, 14
Reported on: November 12, 2024
Disclosure status: Privately disclosed
Out-of-bounds read in decoding malformed bitstream for smp4vtd in
libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers
to read arbitrary memory. User interaction is required for triggering
this vulnerability.
The patch adds proper input validation.

SVE-2024-2157(CVE-2025-20890): Out-of-bounds write in libsthmbc.so

Severity: High
Affected versions: Android 12, 13, 14
Reported on: November 12, 2024
Disclosure status: Privately disclosed
Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to
SMR Jan-2025 Release 1 allows local attackers to execute arbitrary
code with privilege. User interaction is required for triggering this
vulnerability.
The patch adds proper input validation.

SVE-2024-2158(CVE-2025-20891): Out-of-bounds read in libsthmbc.so

Severity: Moderate
Affected versions: Android 12, 13, 14
Reported on: November 12, 2024
Disclosure status: Privately disclosed
Out-of-bounds read in decoding malformed bitstream of video
thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows
local attackers to read arbitrary memory. User interaction is
required for triggering this vulnerability.
The patch removed deprecated implementation.

SVE-2024-2171(CVE-2025-20892): Protection Mechanism Failure in
bootloader

Severity: High
Affected versions: Select Android 13, 14 devices using MediaTek
chipset
Reported on: November 14, 2024
Disclosure status: Privately disclosed
Protection Mechanism Failure in bootloader prior to SMR Jan-2025
Release 1 allows physical attackers to execute fastboot command. User
interaction is required for triggering this vulnerability.
The patch enables Samsung bootloader feature.

Some SVE items included in the Samsung Android Security Update cannot
be disclosed at this time.

Acknowledgements

- ycmint working at ADLab of VenusTech: SVE-2024-1217
- Sam of Honor Cyber Security Lab: SVE-2024-1527
- tdx: SVE-2024-1828, SVE-2024-1834
- hsia.angsh: SVE-2024-1875
- Andrea Toska: SVE-2024-2171

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================