Skyh1Ll

**Name of the Vulnerable Software and Affected Versions** Settings versions prior to SMR Dec-2024 Release 1 **Description** The issue is related to improper input validation in Settings, which allows local attackers to broadcast a signal for discovering Bluetooth on Galaxy Watch. This can be exploited by attackers to potentially gain unauthorized access. **Recommendations** For versions prior to SMR Dec-2024 Release 1, update to SMR Dec-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Settings feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dex Mode versions prior to SMR Nov-2024 Release 1 **Description** The issue is related to improper access control in Dex Mode, allowing physical attackers to temporarily access an unlocked screen. **Recommendations** For Dex Mode versions prior to SMR Nov-2024 Release 1, update to SMR Nov-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting physical access to devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Galaxy Watch versions prior to SMR Nov-2024 Release 1 **Description** The issue is related to improper input validation in the BluetoothAdapter, which allows local attackers to cause a local permanent denial of service on the Galaxy Watch. **Recommendations** For Galaxy Watch versions prior to SMR Nov-2024 Release 1, update to SMR Nov-2024 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Settings versions prior to SMR Nov-2024 Release 1 **Description** The issue is related to improper authorization in Settings, allowing physical attackers to access stored WiFi passwords in Maintenance Mode. This affects devices that have not been updated to the SMR Nov-2024 Release 1. **Recommendations** For versions prior to SMR Nov-2024 Release 1, update to the SMR Nov-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting physical access to devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Settings Suggestions versions prior to SMR Nov-2024 Release 1 **Description** The issue is related to improper input validation in Settings Suggestions, allowing local attackers to launch privileged activities. This could potentially lead to local privilege escalation. **Recommendations** For versions prior to SMR Nov-2024 Release 1, update to the SMR Nov-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to Settings Suggestions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** librtppayload.so versions prior to SMR Oct-2024 Release 1 **Description** The issue is an out-of-bounds write in parsing h.263 format, which allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this issue. **Recommendations** For versions prior to SMR Oct-2024 Release 1, update to SMR Oct-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `librtppayload.so` library until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsheifdecadapter.so versions prior to SMR Jun-2024 Release 1 **Description** The issue is related to improper input validation in libsheifdecadapter.so, which can lead to memory corruption when exploited by local attackers. **Recommendations** For versions prior to SMR Jun-2024 Release 1, update to SMR Jun-2024 Release 1 or later to resolve the issue.