Samsung has announced a new maintenance release for its Galaxy devices as part of its monthly security update. The company has published the details of the January 2024 security update, which includes patches from both Google and Samsung to fix various vulnerabilities and bugs that affect the Android system and Samsung devices.
The January 2024 security patch fixes 1 critical, 68 high, and 6 moderate levels of CVEs for the Android operating system. However, 1 CVE was resolved by previous updates from the company and 4 is not relevant to Galaxy devices.
The latest patch also includes 5 Samsung-specific patches, which improve the security and performance of the camera, the secure folder, the biometrics, the Wi-Fi, and the Bluetooth.
Android Patch Details
Critical
CVE-2022-40507
High
CVE-2023-4272, CVE-2023-32804, CVE-2023-3889, CVE-2023-21215, CVE-2023-21227, CVE-2023-21228, CVE-2023-21216, CVE-2023-21218, CVE-2023-21166, CVE-2023-21164, CVE-2023-21163, CVE-2023-21162, CVE-2023-21217, CVE-2023-21401, CVE-2023-21402, CVE-2023-21263, CVE-2023-35690, CVE-2023-21403, CVE-2023-32847, CVE-2023-32848, CVE-2023-32851, CVE-2022-22076, CVE-2023-21652, CVE-2023-21664, CVE-2023-21662, CVE-2023-33017, CVE-2023-28546, CVE-2023-28585, CVE-2023-28586, CVE-2023-33022, CVE-2023-33054, CVE-2023-28550, CVE-2023-28551, CVE-2023-33018, CVE-2023-33081, CVE-2023-33089, CVE-2023-33098, CVE-2023-33088, CVE-2023-33080, CVE-2023-33097, CVE-2023-33079, CVE-2023-33092, CVE-2023-33107, CVE-2023-33106, CVE-2023-33063, CVE-2023-33053, CVE-2023-33087, CVE-2023-45779, CVE-2022-48457, CVE-2022-48458, CVE-2022-48459, CVE-2022-48454, CVE-2022-48455, CVE-2022-48461, CVE-2022-48456, CVE-2023-32818, CVE-2023-21245, CVE-2024-0015, CVE-2024-0018, CVE-2024-0023, CVE-2024-0019, CVE-2024-0021, CVE-2023-35671, CVE-2024-0016, CVE-2024-0017, CVE-2024-0020, CVE-2023-21266, CVE-2023-40120
Moderate
CVE-2023-32842, CVE-2023-32844, CVE-2023-32846, CVE-2023-32841, CVE-2023-32843, CVE-2023-32845
Already included in previous updates
CVE-2023-4863
Not applicable to Samsung devices
CVE-2023-32850, CVE-2023-28587, CVE-2023-28588, CVE-2023-40085
One UI Patch Details
- SVE-2023-1689(CVE-2024-20806): Improper access control in Notification service
- SVE-2023-1667(CVE-2024-20802): Improper access control in Samsung DeX
- SVE-2023-1418(CVE-2024-20805): Path traversal vulnerability in MyFiles
- SVE-2023-1406(CVE-2024-20804): Path traversal vulnerability in MyFiles
- SVE-2023-1038(CVE-2024-20803): Improper authentication vulnerability in Bluetooth pairing process