According to official information, Samsung has published the details of the July 2021 security patch. The latest security update brings fixes for 2 critical and 23 high-severity CVEs.
Samsung has also listed 9 moderate-severity CVEs in this month's security bulletin. It is worth noting that one CVE was already fixed last month, while three CVEs are not applicable to Samsung devices.
Along with Google patches, Samsung Mobile provides 8 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers' confidence in the security of Samsung Mobile devices.
The company has also detailed the list of eligible devices that will get monthly/quarterly/other security updates.
Google patches include patches up to Android Security Bulletin – August 2021 package. The Bulletin (August 2021) contains the following CVE items:
Critical
CVE-2021-0592, CVE-2021-1965
High
CVE-2021-1931, CVE-2021-1940, CVE-2021-1953, CVE-2021-1943, CVE-2021-1964, CVE-2021-1907, CVE-2021-1955, CVE-2021-1945, CVE-2021-1970, CVE-2021-1954, CVE-2020-0368, CVE-2021-0514, CVE-2021-0515, CVE-2021-0603, CVE-2021-0640, CVE-2021-0645, CVE-2021-0646, CVE-2021-0519, CVE-2021-0591, CVE-2021-0593, CVE-2021-0584, CVE-2021-0641, CVE-2021-0642
Moderate
CVE-2021-0555, CVE-2020-1971, CVE-2021-0567, CVE-2021-0570, CVE-2021-0572, CVE-2021-0557, CVE-2021-0558, CVE-2021-0559, CVE-2021-0561
Already included in previous updates
CVE-2021-1938
Not applicable to Samsung devices
CVE-2020-11307, CVE-2021-0577, CVE-2021-0550
To be specific:
IV reuse in Keymaster TA: Details below
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with the privileged process. The patch prevents reusing IV by blocking addition of custom IV.
UAF in conn_gadget driver: Details below
A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker. The patch adds proper check logic to prevent use after free.