
Samsung releases August 2021 security patch details: What’s New?


According to official information, Samsung has published the details of the July 2021 security patch. The latest security update brings fixes for 2 critical and 23 high-severity CVEs.


Samsung has also listed 9 moderate-severity issues in this month’s security bulletin. It is worth noting that one vulnerability was already fixed last month, while three are not applicable to Samsung devices.

Along with Google patches, Samsung Mobile provides 8 Samsung Vulnerabilities and Exposures (SVE) items, described below, to improve customers’ confidence in the security of Samsung Mobile devices.


The company has also detailed the list of eligible devices that will get monthly/quarterly/other security updates.

Google patches include patches up to Android Security Bulletin – August 2021 package. The Bulletin (August 2021) contains the following CVE items:

Critical
CVE-2021-0592, CVE-2021-1965

High
CVE-2021-1931, CVE-2021-1940, CVE-2021-1953, CVE-2021-1943, CVE-2021-1964, CVE-2021-1907, CVE-2021-1955, CVE-2021-1945, CVE-2021-1970, CVE-2021-1954, CVE-2020-0368, CVE-2021-0514, CVE-2021-0515, CVE-2021-0603, CVE-2021-0640, CVE-2021-0645, CVE-2021-0646, CVE-2021-0519, CVE-2021-0591, CVE-2021-0593, CVE-2021-0584, CVE-2021-0641, CVE-2021-0642

Moderate
CVE-2021-0555, CVE-2020-1971, CVE-2021-0567, CVE-2021-0570, CVE-2021-0572, CVE-2021-0557, CVE-2021-0558, CVE-2021-0559, CVE-2021-0561

Already included in previous updates
CVE-2021-1938

Not applicable to Samsung devices
CVE-2020-11307, CVE-2021-0577, CVE-2021-0550


To be specific:

IV reuse in Keymaster TA: Details below

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with the privileged process. The patch prevents reusing IV by blocking addition of custom IV.
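
The effect of the flaw and of the patch described above, as an added example that is not Samsung's code: an HMAC-SHA256 counter-mode keystream stands in for the TA's cipher, which the page does not name, and `wrap_legacy`, `wrap_patched`, `reuse_leak` and the 12-byte IV are hypothetical.

```python
import hashlib
import hmac
import os
from typing import Optional

IV_LEN = 12  # assumed IV size; the page does not give the real one


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), not the TA's cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_legacy(key: bytes, material: bytes, iv: Optional[bytes] = None) -> bytes:
    """Pre-patch shape: a caller-chosen IV is accepted, so it can repeat."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    return iv + xor_bytes(material, keystream(key, iv, len(material)))


def wrap_patched(key: bytes, material: bytes, iv: Optional[bytes] = None) -> bytes:
    """Post-patch shape: custom IVs are refused and the IV is always fresh."""
    if iv is not None:
        raise ValueError("caller-supplied IV rejected")
    iv = os.urandom(IV_LEN)
    return iv + xor_bytes(material, keystream(key, iv, len(material)))


def reuse_leak(blob_a: bytes, blob_b: bytes) -> Optional[bytes]:
    """Return the XOR of both plaintexts if the blobs share an IV, else None."""
    if blob_a[:IV_LEN] != blob_b[:IV_LEN]:
        return None
    return xor_bytes(blob_a[IV_LEN:], blob_b[IV_LEN:])


if __name__ == "__main__":
    key = os.urandom(32)                   # constructed wrapping key
    secret, known = b"S" * 16, b"K" * 16   # constructed key material
    iv = bytes(IV_LEN)                     # constructed repeated IV
    leak = reuse_leak(wrap_legacy(key, secret, iv), wrap_legacy(key, known, iv))
    print("reused IV leaks plaintext XOR:", leak == xor_bytes(secret, known))
    print("fresh IVs:", reuse_leak(wrap_patched(key, secret), wrap_patched(key, known)))
```

With a repeated IV the key never has to be known: the two ciphertext bodies XOR to the XOR of the wrapped materials, which is why the patched path refuses any IV it did not generate itself.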


UAF in conn_gadget driver: Details below

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker. The patch adds proper check logic to prevent use after free.
