Multiple High Severity Vulnerabilities in Samsung Products
Published on 16 Dec 2023
Samsung has released security updates addressing multiple high severity vulnerabilities (CVE-2023-42564, CVE-2023-42563, CVE-2023-42562, CVE-2023-42561, CVE-2023-42568, CVE-2023-42560, CVE-2023-42567, CVE-2023-42566, CVE-2023-42565) in Samsung products.
The vulnerabilities and affected product versions are:
• CVE-2023-42564: An improper access control vulnerability that could allow an attacker to send broadcast message with system privilege. This vulnerability affects Android versions 11, 12, 13 and 14.
• CVE-2023-42562, CVE-2023-42563: A lack of proper validation check that could allow an attacker to perform integer overflow. This vulnerability affects Android versions 12, 13 and 14.
• CVE-2023-42561, CVE-2023-42560, CVE-2023-42566: An out-of-bounds write vulnerability that could allow an attacker to perform arbitrary code execution. This vulnerability affects Android versions 11, 12, 13 and 14.
• CVE-2023-42568: An improper access control vulnerability that could allow an attacker to gain system privileges and access arbitrary files. This vulnerability affects Android versions 12 and 13.
• CVE-2023-42567: A lack of proper input validation check that could allow an attacker to perform buffer overflow. This vulnerability affects Android version 14.
• CVE-2023-42565: An improper input validation vulnerability that could allow an attacker to perform arbitrary code execution with shell privilege. This vulnerability affects Android versions 13 and 14.
Users and administrators of the affected products versions are advised to update to the latest versions immediately.
More information is available here:
