Yesterday, Samsung started to roll out the September 2022 Android security patch updates to its eligible Galaxy devices and now it has officially released the September 2022 patch details, revealing all the bugs and issues that have been fixed.
According to the official information, this month’s patch fixes dozens of privacy and security-related vulnerabilities and exposures found in Galaxy smartphones. The details also mention some Google-offered bug fixes that were already released by Samsung last month.
JOIN SAMSUNG ON TELEGRAM
Furthermore, the Samsung September 2022 security patch details include 21 high levels and 3 moderate levels of CVEs. Meanwhile, the list does not mention any critical level of CVE whereas, the 4 noted are not applicable for Galaxy devices.
On the other flip, Samsung also reveals 29 One UI SVE items in order to provide users with a seamless performance of their Galaxy smartphone or tablet. Below you can check the complete details of Samsung’s September 2022 security patch.
September SMR CVE Items:
Critical
- None
High
- CVE-2021-39815, CVE-2022-20122, CVE-2021-0947, CVE-2021-0946, CVE-2021-0698, CVE-2021-0887, CVE-2021-0891, CVE-2021-30259, CVE-2022-22062, CVE-2022-22070, CVE-2022-22067, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990, CVE-2022-25314, CVE-2022-20218, CVE-2022-20392, CVE-2022-20393, CVE-2022-20395, CVE-2022-20398, CVE-2022-20396
Moderate
- CVE-2022-20197, CVE-2020-0500, CVE-2020-0293
Already included in previous updates
- CVE-2022-22080, CVE-2022-20239
Not applicable to Samsung devices
- CVE-2022-22061, CVE-2022-22069, CVE-2022-22059, CVE-2022-25668
September SMR SVE Items:
SVE-2022-1254(CVE-2022-36847):
- Use after free vulnerability in mtp_send_signal function of MTP driver
SVE-2022-1249(CVE-2022-36849):
- Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver
SVE-2022-1086(CVE-2022-36845), SVE-2022-1083(CVE-2022-36841), SVE-2022-1082(CVE-2022-36844), SVE-2022-1081(CVE-2022-36843), SVE-2022-1080(CVE-2022-36860), SVE-2022-1079(CVE-2022-36863), SVE-2022-1077(CVE-2022-36862), SVE-2022-1076(CVE-2022-36842), SVE-2022-1075(CVE-2022-36846), SVE-2022-1074(CVE-2022-36858)
- A heap-based overflow vulnerability in libSDKRecognitionText.spensdk.samsung.so library
SVE-2022-1037(CVE-2022-36854):
- Out of bound read in libapexjni.media.samsung.so
SVE-2022-0934(CVE-2022-36848):
- Improper Authorization vulnerability in setDualDARPolicyCmd
SVE-2022-0899(CVE-2022-36852):
- Improper Authorization vulnerability in Video Editor
SVE-2022-0853(CVE-2022-36861):
- Custom permission misuse in SystemUI
SVE-2022-0815(CVE-2022-36853):
- Intent redirection in Photo Editor
SVE-2022-0803(CVE-2022-36856):
- Improper access control vulnerability in Telecom application
SVE-2022-0706(CVE-2022-36857):
- Improper Authorization vulnerability in Photo Editor
SVE-2022-0702(CVE-2022-36850):
- Path traversal vulnerability in CallBGProvider
SVE-2022-0619(CVE-2022-36855):
- Use After Free vulnerability in iva_ctl driver
