| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-30162 |
|
|
Bypass |
2021-04-06 |
2021-04-13 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). |
|
2 |
CVE-2020-25065 |
203 |
|
|
2020-08-31 |
2020-09-01 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020). |
|
3 |
CVE-2020-25064 |
|
|
|
2020-08-31 |
2020-09-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020). |
|
4 |
CVE-2018-21092 |
20 |
|
|
2020-04-08 |
2020-04-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). |
|
5 |
CVE-2018-21091 |
755 |
|
|
2020-04-08 |
2020-04-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. Telecom has a System Crash via abnormal exception handling. The Samsung ID is SVE-2017-10906 (January 2018). |
|
6 |
CVE-2018-21087 |
787 |
|
Overflow |
2020-04-08 |
2020-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018). |
|
7 |
CVE-2018-21086 |
362 |
|
|
2020-04-08 |
2020-04-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018). |
|
8 |
CVE-2018-21085 |
362 |
|
|
2020-04-08 |
2020-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018). |
|
9 |
CVE-2018-21084 |
362 |
|
|
2020-04-08 |
2020-04-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018). |
|
10 |
CVE-2018-21083 |
200 |
|
+Info |
2020-04-08 |
2020-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018). |
|
11 |
CVE-2018-21079 |
401 |
|
|
2020-04-08 |
2020-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018). |
|
12 |
CVE-2018-21078 |
20 |
|
|
2020-04-08 |
2020-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018). |
|
13 |
CVE-2018-21077 |
200 |
|
+Info |
2020-04-08 |
2020-04-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018). |
|
14 |
CVE-2018-21074 |
200 |
|
+Info |
2020-04-08 |
2020-04-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018). |
|
15 |
CVE-2018-21072 |
125 |
|
Exec Code |
2020-04-08 |
2020-08-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018). |
|
16 |
CVE-2018-21071 |
200 |
|
+Info |
2020-04-08 |
2020-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018). |
|
17 |
CVE-2018-21067 |
200 |
|
+Info |
2020-04-08 |
2020-04-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018). |
|
18 |
CVE-2018-21066 |
120 |
|
Overflow Mem. Corr. |
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018). |
|
19 |
CVE-2018-21065 |
191 |
|
|
2020-04-08 |
2020-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018). |
|
20 |
CVE-2018-21063 |
|
|
|
2020-04-08 |
2020-04-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018). |
|
21 |
CVE-2018-9459 |
22 |
|
Dir. Trav. |
2018-11-06 |
2019-01-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183. |
|
22 |
CVE-2018-9455 |
125 |
|
DoS |
2018-11-06 |
2018-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78136677. |
|
23 |
CVE-2018-9454 |
125 |
|
|
2018-11-06 |
2018-12-12 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78286118. |
|
24 |
CVE-2018-9453 |
125 |
|
|
2018-11-06 |
2018-12-13 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78288378. |
|
25 |
CVE-2018-9451 |
125 |
|
|
2018-11-06 |
2018-12-12 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79488511. |
|
26 |
CVE-2018-9450 |
787 |
|
Exec Code |
2018-11-06 |
2018-12-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79541338. |
|
27 |
CVE-2018-9446 |
787 |
|
Exec Code Mem. Corr. |
2018-11-06 |
2018-12-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946. |
|
28 |
CVE-2018-9445 |
22 |
|
Dir. Trav. |
2018-11-06 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. This could lead to local escalation of privilege when mounting a USB device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80436257. |
|
29 |
CVE-2018-9444 |
835 |
|
DoS Exec Code |
2018-11-06 |
2019-10-03 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android ID: A-63521984. |
|
30 |
CVE-2018-9437 |
125 |
|
DoS |
2018-11-06 |
2018-12-12 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78656554. |
|
31 |
CVE-2018-9436 |
125 |
|
|
2018-11-06 |
2018-12-12 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722. |
|
32 |
CVE-2018-9362 |
20 |
|
DoS |
2018-11-06 |
2018-12-12 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611. |
|
33 |
CVE-2018-9361 |
125 |
|
|
2018-11-06 |
2018-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041. |
|
34 |
CVE-2018-9360 |
125 |
|
|
2018-11-06 |
2018-12-13 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74201143. |
|
35 |
CVE-2018-9359 |
125 |
|
|
2018-11-06 |
2018-12-14 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74196706. |
|
36 |
CVE-2018-9358 |
125 |
|
|
2018-11-06 |
2020-08-24 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115. |
|
37 |
CVE-2018-9357 |
787 |
|
|
2018-11-06 |
2018-12-12 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. |
|
38 |
CVE-2018-9356 |
415 |
|
Exec Code |
2018-11-06 |
2018-12-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. |
|
39 |
CVE-2018-9355 |
787 |
|
Exec Code |
2018-11-06 |
2018-12-14 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74016921. |
|
40 |
CVE-2018-5383 |
347 |
|
|
2018-08-07 |
2019-10-03 |
4.3 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
None |
|
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. |
|
41 |
CVE-2017-18695 |
522 |
|
|
2020-04-07 |
2020-04-08 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017). |
|
42 |
CVE-2017-18693 |
120 |
|
Overflow |
2020-04-07 |
2020-04-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 2017). |
|
43 |
CVE-2017-18688 |
125 |
|
|
2020-04-07 |
2020-04-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.0) software. There is an information disclosure (of memory locations outside a buffer) via /dev/dsm_ctrl_dev. The Samsung ID is SVE-2016-7340 (January 2017). |
|
44 |
CVE-2017-18687 |
200 |
|
+Info |
2020-04-07 |
2020-04-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. An attacker can obtain the full pathnames of sdcard files by reading the system protected log upon reception of a certain intent. The Samsung ID is SVE-2016-7183 (January 2017). |
|
45 |
CVE-2017-18686 |
200 |
|
+Info |
2020-04-07 |
2020-04-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software. Contact information can leak to a log file because of the broadcasting of an unprotected intent. The Samsung ID is SVE-2016-7180 (February 2017). |
|
46 |
CVE-2017-18685 |
20 |
|
|
2020-04-07 |
2020-04-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. The InputMethod application can cause a system crash via a malformed serializable object in an Intent. The Samsung ID is SVE-2016-7123 (February 2017). |
|
47 |
CVE-2017-18684 |
20 |
|
|
2020-04-07 |
2020-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (February 2017). |
|
48 |
CVE-2017-18683 |
20 |
|
|
2020-04-07 |
2020-04-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 (February 2017). |
|
49 |
CVE-2017-18682 |
755 |
|
|
2020-04-07 |
2020-04-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Because of incorrect exception handling and an unprotected intent, AudioService can cause a system crash, The Samsung IDs are SVE-2017-8114, SVE-2017-8116, and SVE-2017-8117 (March 2017). |
|
50 |
CVE-2017-18680 |
20 |
|
|
2020-04-07 |
2020-04-08 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017). |
