Samsung June 2021 One UI Security Patch brings fixes for these new CVEs

Usually, Samsung introduced the One UI security patch for June 2021 before changing the calendar month, even ahead of Google. The Galaxy S21 series will be the first to receive the latest security patch from this month a week ago.

JOIN SAMSUNG ON TELEGRAM

Moving on, the company expanded this latest security improvement package to more Galaxy devices in various regions, and all the latest and older (eligible) flagship phones began to be wirelessly broadcast to various smartphone markets.

Well, the most awaited Samsung June 2021 security bulletin has been officially released, which includes dozens of new fixes for CVEs from Google and Samsung. At the same time, the company said that some vulnerabilities have been fixed through previous patches, and some are not applicable on Galaxy devices.

As per the official documents, Samsung’s June 2021 security patch update brings fixes for 2 Critical (CVE-2021-0507, CVE-2021-0516), 27 High, and 5 Moderate levels of CVEs to Galaxy phones and tablets. While fixes for 9 new CVEs already included in previous updates and 4 not applicable to Samsung device

Samsung Android June 2021 Security Bulletin [New CVE Fixes]

Critical

CVE-2021-0507, CVE-2021-0516

High

CVE-2021-1891, CVE-2020-11284, CVE-2021-1905, CVE-2021-1915, CVE-2021-1927, CVE-2021-28663, CVE-2021-28664, CVE-2021-0495, CVE-2020-11279, CVE-2020-11273, CVE-2020-11274, CVE-2020-11285, CVE-2020-29661, CVE-2019-2219, CVE-2021-0511, CVE-2021-0521, CVE-2021-0508, CVE-2021-0509, CVE-2021-0510, CVE-2021-0520, CVE-2021-0505, CVE-2021-0506, CVE-2021-0523, CVE-2021-0504, CVE-2021-0517, CVE-2021-0522, CVE-2021-0304

Moderate

CVE-2021-1906, CVE-2021-0381, CVE-2020-0025, CVE-2021-0385, CVE-2021-0389

Already included in previous updates

CVE-2021-0492, CVE-2021-0491, CVE-2021-0493, CVE-2021-0494, CVE-2021-0497, CVE-2021-0498, CVE-2021-0489, CVE-2021-0490, CVE-2021-0496

Not applicable to Samsung devices

CVE-2021-0467, CVE-2020-11288, CVE-2020-11289, CVE-2021-1910

Samsung Android June 2021 Security Bulletin [New CVE Fixes]

Alongside Google patches, Samsung provides 19 SVE items in order to improve Galaxy device owners’ confidence in security. You can check the list below.

Note: Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.

1. SVE-2021-20702 (CVE-2021-25410): Arbitrary file access vulnerability in CallBGProvider
2. SVE-2021-20877 (CVE-2021-25413): Possible to access arbitrary content providers
3. SVE-2021-20879 (CVE-2021-25414): Possible to theft or overwrite arbitrary files
4. SVE-2021-21161 (CVE-2021-25407): Out of bounds write in Samsung NPU driver
5. SVE-2021-20641 (CVE-2021-25417): Improper authorization in SDP SDK
6. SVE-2021-20984 (CVE-2021-25412): Improper access control in genericsso service service
7. SVE-2021-20948 (CVE-2021-25409): Configure Notification settings without authorization
8. SVE-2021-20178 (CVE-2021-25415): Possible remapping RKP memory as writable from EL1
9. SVE-2021-20179 (CVE-2021-25416): Possible creating executable kernel page via abusing dynamic load functions
10. SVE-2021-20176 (CVE-2021-25411): Vulnerable api in RKP allows attackers to write read-only kernel memory
11. SVE-2021-21074 (CVE-2021-25408): Buffer overflow in Samsung NPU driver