PT-2024-2106 · Samsung+1 · Samsung Galaxy S22+3
Published 2024-03-04 · Updated 2025-01-10 · CVE-2023-28578
CVSS v3.1: 9.3 (Critical)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Core Services (affected versions not specified)
Qualcomm embedded platform software (affected versions not specified)
Samsung Galaxy series devices, including S23, S22, and S21 series (affected versions not specified)
Description
The issue is a memory corruption in Core Services that occurs when a single event listener is removed. The advisory also notes a vulnerability in Qualcomm's embedded platform software caused by insufficient input validation, which could allow an attacker to execute arbitrary code. The estimated number of potentially affected devices worldwide is in the millions, specifically Samsung Galaxy series devices.
Recommendations
For Core Services, consider disabling the event listener removal command until a patch is available.
For Qualcomm embedded platform software, restrict access to the vulnerable module to minimize the risk of exploitation.
For Samsung Galaxy series devices, including S23, S22, and S21 series, update to the latest software version that includes the critical security patch.
At the moment, there is no information about a newer version that contains a fix for this vulnerability in Core Services and Qualcomm embedded platform software.
Fix
Memory Corruption
RCE
Affected Products
Qualcomm Embedded Platform
Samsung Galaxy S21
Samsung Galaxy S22
Samsung Galaxy S23