Samsung April 2023 Security Patch fixes tons of vulnerabilities

(Topic created on: 04-05-2023 01:55 AM)
TheFastestIndian

Smart Suggestions Flaw

SVE-2022-2907 (CVE-2023-21479)

Improper authorization in Smart Suggestions before SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule. The patch removes the BROWSABLE attribute and is applicable on devices running Android 13 and Smart Suggestions before 4.1.01.0 in Android 12.

Exynos Flaws

SVE-2022-3004 (CVE-2023-21473) and SVE-2022-3001 (CVE-2023-21472)

Improper input validation with Exynos Fastboot USB Interface before SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in the bootloader. The patch adds proper implementation for arbitrary input with a USB interface.

SVE-2022-2755 (CVE-2023-21467)

Error in 3GPP specification implementation in Exynos baseband before SMR Apr-2023 Release 1 allows incorrect handling of the unencrypted message. The patch adds proper authentication logic to the devices equipped with Exynos chipsets.

Other vulnerabilities fixed with the April 2023 security patch include improper input validation in the CertByte function, out-of-bounds write in the libaudiosaplus_sec.so function, and improper authorization in SecSettings. Security flaws like improper access control vulnerabilities in the SemClipboard, SLocation, and Telephony features have also been fixed.

Samsung also seems to have fixed security loopholes found in the TIGERF trustlet, a hijacking vulnerability in CertificatePolicy, and improper authorization in the Smart Suggestions widget. Visit the link below to learn more about these vulnerabilities:

https://security.samsungmobile.com/securityUpdate.smsb
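
The Smart Suggestions fix above removes the BROWSABLE attribute. An intent filter carrying the android.intent.category.BROWSABLE category lets a link opened in a web browser start that component. The following is an added example, not Samsung's code or part of the original post: a manifest audit that lists every component still reachable that way. The package, activity and scheme names are hypothetical, and the manifests are constructed text (a decoded AndroidManifest.xml, not the binary form inside an APK).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BROWSABLE = "android.intent.category.BROWSABLE"

# Constructed manifests; package, activity and scheme names are hypothetical.
BEFORE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.suggestions">
  <application>
    <activity android:name=".ScheduleActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="example-schedule"/>
      </intent-filter>
    </activity>
  </application>
</manifest>"""

# Same manifest with the BROWSABLE category dropped, as the patch note describes.
AFTER = BEFORE.replace(
    '        <category android:name="android.intent.category.BROWSABLE"/>\n', "")


def browsable_components(manifest_xml):
    """Return (component, schemes, permission) for each BROWSABLE intent filter."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for tag in ("activity", "activity-alias"):
        for comp in root.iter(tag):
            for flt in comp.findall("intent-filter"):
                cats = {c.get(ANDROID + "name") for c in flt.findall("category")}
                if BROWSABLE not in cats:
                    continue
                # URI schemes a web link can use to reach this component
                schemes = sorted({d.get(ANDROID + "scheme")
                                  for d in flt.findall("data")
                                  if d.get(ANDROID + "scheme")})
                # permission is None when no caller permission is required
                findings.append((comp.get(ANDROID + "name"), schemes,
                                 comp.get(ANDROID + "permission")))
    return findings


if __name__ == "__main__":
    for label, xml in (("before", BEFORE), ("after", AFTER)):
        print(label, browsable_components(xml))
```

A finding with no permission and a state-changing action (such as registering a schedule) is the case worth reviewing first.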
