Yesterday, Samsung started to roll out the September 2022 Android security patch updates to its eligible Galaxy devices and now it has officially released the September 2022 patch details, revealing all the bugs and issues that have been fixed.
According to the official information, this month’s patch fixes dozens of privacy and security-related vulnerabilities and exposures found in Galaxy smartphones. The details also mention some Google-offered bug fixes that were already released by Samsung last month.
Furthermore, the Samsung September 2022 security patch details include 21 high levels and 3 moderate levels of CVEs. Meanwhile, the list does not mention any critical level of CVE whereas, the 4 noted are not applicable for Galaxy devices.
On the other flip, Samsung also reveals 29 One UI SVE items in order to provide users with a seamless performance of their Galaxy smartphone or tablet. Below you can check the complete details of Samsung’s September 2022 security patch.
September SMR CVE Items:
- CVE-2021-39815, CVE-2022-20122, CVE-2021-0947, CVE-2021-0946, CVE-2021-0698, CVE-2021-0887, CVE-2021-0891, CVE-2021-30259, CVE-2022-22062, CVE-2022-22070, CVE-2022-22067, CVE-2022-22822, CVE-2022-23852, CVE-2022-23990, CVE-2022-25314, CVE-2022-20218, CVE-2022-20392, CVE-2022-20393, CVE-2022-20395, CVE-2022-20398, CVE-2022-20396
- CVE-2022-20197, CVE-2020-0500, CVE-2020-0293
Already included in previous updates
- CVE-2022-22080, CVE-2022-20239
Not applicable to Samsung devices
- CVE-2022-22061, CVE-2022-22069, CVE-2022-22059, CVE-2022-25668
September SMR SVE Items:
- Use after free vulnerability in mtp_send_signal function of MTP driver
- Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver
SVE-2022-1086(CVE-2022-36845), SVE-2022-1083(CVE-2022-36841), SVE-2022-1082(CVE-2022-36844), SVE-2022-1081(CVE-2022-36843), SVE-2022-1080(CVE-2022-36860), SVE-2022-1079(CVE-2022-36863), SVE-2022-1077(CVE-2022-36862), SVE-2022-1076(CVE-2022-36842), SVE-2022-1075(CVE-2022-36846), SVE-2022-1074(CVE-2022-36858)
- A heap-based overflow vulnerability in libSDKRecognitionText.spensdk.samsung.so library
- Out of bound read in libapexjni.media.samsung.so
- Improper Authorization vulnerability in setDualDARPolicyCmd
- Improper Authorization vulnerability in Video Editor
- Custom permission misuse in SystemUI
- Intent redirection in Photo Editor
- Improper access control vulnerability in Telecom application
- Improper Authorization vulnerability in Photo Editor
- Path traversal vulnerability in CallBGProvider
- Use After Free vulnerability in iva_ctl driver