SB2025030428 - Multiple vulnerabilities in Samsung Notes
Published: March 4, 2025
Description
This security bulletin contains information about 19 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2025-20927)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in parsing image data. A local attacker can trigger an out-of-bounds read error and read contents of memory on the system.
2) Out-of-bounds write (CVE-ID: CVE-2025-20931)
The vulnerability allows a local attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
3) Out-of-bounds write (CVE-ID: CVE-2025-20932)
The vulnerability allows a local attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
4) Out-of-bounds write (CVE-ID: CVE-2025-20933)
The vulnerability allows a local attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
5) Out-of-bounds read (CVE-ID: CVE-2025-20925)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in applying binary of text data. A local attacker can trigger an out-of-bounds read error and read contents of memory on the system.
6) Out-of-bounds write (CVE-ID: CVE-2025-20929)
The vulnerability allows a local attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when parsing a JPEG image. A local attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
7) Out-of-bounds read (CVE-ID: CVE-2025-20930)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when parsing a JPEG image. A local attacker can trigger an out-of-bounds read error and read contents of memory on the system.
8) Improper access control (CVE-ID: CVE-2025-20924)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. An attacker with physical access can bypass implemented security restrictions and gain access to data across multiple user profiles.
9) Out-of-bounds read (CVE-ID: CVE-2025-20928)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when parsing a WBMP image. A local attacker can trigger an out-of-bounds read error and read contents of memory on the system.
10) Out-of-bounds read (CVE-ID: CVE-2025-20922)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in appending text paragraph. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
11) Out-of-bounds read (CVE-ID: CVE-2025-20921)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in applying binary of text content. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
12) Out-of-bounds read (CVE-ID: CVE-2025-20920)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in action link data. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
13) Out-of-bounds read (CVE-ID: CVE-2025-20919)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in applying binary of video content. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
14) Out-of-bounds read (CVE-ID: CVE-2025-20918)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in applying extra data of base content. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
15) Out-of-bounds read (CVE-ID: CVE-2025-20917)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in applying binary of PDF content. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
16) Out-of-bounds read (CVE-ID: CVE-2025-20916)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in reading string of SPen. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
17) Out-of-bounds read (CVE-ID: CVE-2025-20915)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in applying binary of voice content. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
18) Out-of-bounds read (CVE-ID: CVE-2025-20914)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in applying binary of handwriting content. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
19) Out-of-bounds read (CVE-ID: CVE-2025-20913)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in applying binary of drawing content. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
Remediation
Install the update from the vendor's website.