Hard

**Name of the Vulnerable Software and Affected Versions** FilterProvider versions prior to SMR Dec-2021 Release 1 **Description** The issue is related to an improper validation vulnerability in FilterProvider, allowing attackers to write arbitrary files via a path traversal vulnerability. This enables attackers to potentially access and modify sensitive data. **Recommendations** For versions prior to SMR Dec-2021 Release 1, update to the SMR Dec-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tags versions prior to SMR Dec-2021 Release 1 **Description** The issue is related to improper intent redirection handling, allowing attackers to access sensitive information. **Recommendations** For versions prior to SMR Dec-2021 Release 1, update to SMR Dec-2021 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apps Edge application prior to SMR Dec-2021 Release 1 **Description** The issue is related to improper privilege management, allowing unauthorized access to some device data on the lockscreen. **Recommendations** For versions prior to SMR Dec-2021 Release 1, update to SMR Dec-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ipcdump versions prior to SMR Oct-2021 Release 1 Description: The issue allows an attacker to detect device information via analyzing packets in logs. This is an exposure of information vulnerability. Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: FactoryAirCommnadManger versions prior to SMR Sep-2021 Release 1 Description: The issue allows attackers to write files as system uid via a remote socket, exploiting a path traversal vulnerability. Recommendations: For versions prior to SMR Sep-2021 Release 1, update to SMR Sep-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Bluetooth APIs prior to SMR Sep-2021 Release 1 Description: The issue is related to improper access control in Bluetooth APIs, allowing untrusted applications to obtain Bluetooth information. Recommendations: For versions prior to SMR Sep-2021 Release 1, update to SMR Sep-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to Bluetooth APIs to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: NetworkPolicyManagerService versions prior to SMR Sep-2021 Release 1 Description: A PendingIntent hijacking issue in NetworkPolicyManagerService allows attackers to obtain IMSI data. Recommendations: For versions prior to SMR Sep-2021 Release 1, update to SMR Sep-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data handled by the NetworkPolicyManagerService until a patch is available.

Name of the Vulnerable Software and Affected Versions: FactoryCameraFB versions prior to 3.4.74 Description: The issue is related to improper access control, allowing untrusted applications to access arbitrary files with escalated privilege. Recommendations: For versions prior to 3.4.74, update to version 3.4.74 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Bluetooth application versions prior to SMR July-2021 Release 1 Description: The issue is related to improper privilege management, allowing an untrusted application to access Bluetooth information within the Bluetooth application. Recommendations: For versions prior to SMR July-2021 Release 1, update to SMR July-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Bluetooth application versions prior to SMR July-2021 Release 1 Description: The issue is related to improper access control in the Bluetooth application, allowing an untrusted application to access Bluetooth information. Recommendations: For versions prior to SMR July-2021 Release 1, update to SMR July-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: AR Emoji Editor versions prior to 4.4.03.5 Description: The issue is related to improper input validation, allowing untrusted applications to access arbitrary files with escalated privilege. This affects devices running Android Q (10.0) and above. Recommendations: For versions prior to 4.4.03.5, update to version 4.4.03.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: KME module prior to KCS version 1.39 Description: The issue is related to improper MDM policy management in the KME module, allowing MDM users to bypass Knox Manage authentication. Recommendations: For versions prior to KCS version 1.39, update to version 1.39 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Samsung Internet versions prior to 14.0.1.20 Description: The issue allows an attacker to execute privileged actions due to an intent redirection vulnerability. Recommendations: For versions prior to 14.0.1.20, update to version 14.0.1.20 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: RKP prior to SMR JUN-2021 Release 1 Description: An improper address validation in RKP allows local attackers to remap EL2 memory as writable, assuming EL1 is compromised. This issue enables attackers to potentially escalate privileges or execute malicious code. Recommendations: For RKP prior to SMR JUN-2021 Release 1, update to SMR JUN-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive memory regions to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Samsung Contacts versions prior to SMR JUN-2021 Release 1 Description: The issue is related to improper sanitization of incoming intent in Samsung Contacts, allowing local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. Recommendations: For versions prior to SMR JUN-2021 Release 1, update to SMR JUN-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: genericssoservice versions prior to SMR JUN-2021 Release 1 Description: The issue is related to improper access control in the genericssoservice, allowing local attackers to execute protected activities with system privilege via untrusted applications. Recommendations: For versions prior to SMR JUN-2021 Release 1, update to SMR JUN-2021 Release 1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Software (affected versions not specified) Description: The issue concerns improper access in the Notification setting, allowing physically proximate attackers to set arbitrary notifications by physically configuring the device. This affects devices prior to the SMR JUN-2021 Release 1. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Samsung Notes versions prior to 4.2.04.27 Description: An improper access control issue in ScreenOffActivity allows untrusted applications to access local files. Recommendations: For versions prior to 4.2.04.27, update to version 4.2.04.27 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Bixby Voice versions prior to 3.1.12 Description: The issue allows an attacker to access contacts due to an intent redirection vulnerability. Recommendations: For versions prior to 3.1.12, update to version 3.1.12 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Samsung Account versions prior to 10.8.0.4 Samsung Account versions prior to 12.2.0.9 in Android Q(10.0) and above Description: The issue allows an attacker to access contacts and file provider using the SettingWebView component. Recommendations: For versions prior to 10.8.0.4, update to version 10.8.0.4 or later. For versions prior to 12.2.0.9 in Android Q(10.0) and above, update to version 12.2.0.9 or later.