Original topic:

what are the changes after November update

(Topic created on: 12-20-2020 11:20 PM)
VikumD
Galaxy A
Want to know what are the changes or errors after the November security patch 🤔
2 Comments
Galaxy A
Google patches include patches up to Android Security Bulletin – November 2020 package. The Bulletin (November 2020) contains the following CVE items:

Critical
CVE-2020-3692, CVE-2020-0441, CVE-2020-0442, CVE-2020-0451(O8.x,P9), CVE-2020-0449

High
CVE-2020-0423, CVE-2020-3690, CVE-2020-3678, CVE-2020-3638, CVE-2020-11162, CVE-2020-11173, CVE-2020-11125, CVE-2020-11174, CVE-2020-0371, CVE-2020-0283, CVE-2020-3670, CVE-2020-3684, CVE-2020-11164, CVE-2020-0367, CVE-2020-0339, CVE-2020-0409, CVE-2020-0418, CVE-2020-0439, CVE-2020-0454, CVE-2020-0443, CVE-2020-0451(Q10,R11), CVE-2020-0452, CVE-2020-0438(R11), CVE-2020-12856, CVE-2020-0424, CVE-2020-0448, CVE-2020-0450, CVE-2020-0453, CVE-2020-0437

Moderate
CVE-2020-0144, CVE-2020-0145, CVE-2020-0146, CVE-2020-0147, CVE-2020-0148, CVE-2020-0149, CVE-2020-0200, CVE-2020-0205, CVE-2020-0211, CVE-2019-16275, CVE-2020-0088, CVE-2020-0160, CVE-2020-0161, CVE-2020-0162, CVE-2020-0163, CVE-2020-0169, CVE-2020-0170, CVE-2020-0171, CVE-2020-0172, CVE-2020-0173, CVE-2020-0174, CVE-2020-0175, CVE-2020-0181, CVE-2020-0184, CVE-2020-0189, CVE-2020-0196, CVE-2020-0198, CVE-2020-0206, CVE-2020-0438(Q10), CVE-2020-0154, CVE-2020-0158

Already included in previous updates
CVE-2020-11154, CVE-2020-11155, CVE-2020-11156, CVE-2020-11169, CVE-2020-3704, CVE-2020-3703, CVE-2020-11157, CVE-2020-11141

Not applicable to Samsung devices
CVE-2020-3657, CVE-2020-3673, CVE-2020-3654, CVE-2020-0376


※ Please see Android Security Bulletin for detailed information on Google patches.
Galaxy A
Along with Google patches, Samsung Mobile provides 5 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers’ confidence in the security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR November-2020 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2020-18546: FRP Bypass using Secure Folder

Severity: Moderate
Affected versions: O(8.x), P(9.0), Q(10.0), R(11.0)
Reported on: August 3, 2020
Disclosure status: Publicly disclosed.
A vulnerability allows FRP bypass through Secure Folder.
The patch addressed the issue.


SVE-2020-18632: Arbitrary code execution in S3K250AF

Severity: High
Affected versions: Q(10.0) devices with Exynos 990 chipset
Reported on: August 11, 2020
Disclosure status: Privately disclosed.
A possible buffer overflow vulnerability in embedded S3K250AF chip allows arbitrary code execution leading to possible sensitive information exposure.
The patch adds proper boundary check to prevent buffer overflow.


SVE-2020-18689: Gallery lock Authentication Bypass using Reminder app

Severity: Moderate
Affected versions: P(9.0), Q(10.0) devices released in China or India
Reported on: August 23, 2020
Disclosure status: Privately disclosed.
A vulnerability in S Secure app, which is only released in China and India, allows users to access the content of locked Gallery app without authentication.
The patch addresses the issue in S Secure.


SVE-2020-18610: Memory corruption in Samsung NPU driver

Severity: High
Affected versions: P(9.0), Q(10.0) devices with Exynos 980, 9820, 9830 chipset
Reported on: August 8, 2020
Disclosure status: Privately disclosed.
Vulnerabilities in NPU driver allow arbitrary memory read/write and code execution.
Vulnerabilities were patched by addressing incorrect implementation in NPU driver.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Source: https://security.samsungmobile.com/securityUpdate.smsb