Menü Schließen

Samsung Galaxy Smartphones Security Updates August 2021

Samsung Logo

Samsung verteilt für die Smartphoes der Galaxy Reihe die Sicherheitsupdates für den Monat August 2021. Die Patches schließen mehrere sicherheitsrelevanten Lücken in Android auf u.a. Galaxy S21, S20, S9, S10, Note 20, Z-Flip, aber auch ältere wie das A71, A52, A50, A32, A72, A90, A10, A9 und A6. Das Update sollet zeitnahe durchgeführt werden.

Das August Update schließt 2 kritische und 23 als hoch eingestufte Sicherhetislücken.

Google patches include patches up to Android Security Bulletin – August 2021 package. The Bulletin (August 2021) contains the following CVE items:

Critical
CVE-2021-0592, CVE-2021-1965

High
CVE-2021-1931, CVE-2021-1940, CVE-2021-1953, CVE-2021-1943, CVE-2021-1964, CVE-2021-1907, CVE-2021-1955, CVE-2021-1945, CVE-2021-1970, CVE-2021-1954, CVE-2020-0368, CVE-2021-0514, CVE-2021-0515, CVE-2021-0603, CVE-2021-0640, CVE-2021-0645, CVE-2021-0646, CVE-2021-0519, CVE-2021-0591, CVE-2021-0593, CVE-2021-0584, CVE-2021-0641, CVE-2021-0642

Moderate
CVE-2021-0555, CVE-2020-1971, CVE-2021-0567, CVE-2021-0570, CVE-2021-0572, CVE-2021-0557, CVE-2021-0558, CVE-2021-0559, CVE-2021-0561

Already included in previous updates
CVE-2021-1938

Not applicable to Samsung devices
CVE-2020-11307, CVE-2021-0577, CVE-2021-0550

Along with Google patches, Samsung Mobile provides 8 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices. Samsung security index (SSI), found in “Security software version”, SMR August-2021 Release 1 includes all patches from Samsung and Google. Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.

SVE-2021-20831 (CVE-2021-25443): UAF in conn_gadget driver

Severity: Low
Affected versions: O(8.1), P(9.0), Q(10.0), R(11.0)
Reported on: February 26, 2021
Disclosure status: Privately disclosed.
A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
The patch adds proper check logic to prevent use after free.

SVE-2021-21948 (CVE-2021-25444): IV reuse in Keymaster TA

Severity: High
Affected versions: O(8.1), P(9.0), Q(10.0)
Reported on: May 25, 2021
Disclosure status: Privately disclosed.
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
The patch prevents reusing IV by blocking addition of custom IV.

Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

Acknowledgements

Quelle: Security Updates Firmware Updates | Samsung Mobile Security

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert