Samsung CVEs & Vulnerabilities

58 CVEs affecting Samsung products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

android 71exynos 1380 firmware 15exynos 1480 15exynos 1380 15exynos 1480 firmware 15exynos 1580 14exynos 1280 14exynos 1280 firmware 14
CVE-2026-20992LOW

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application.

16 Mar 2026
3.3
CVSS
CVE-2026-20991MEDIUM

Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents.

16 Mar 2026
4.4
CVSS
CVE-2026-20990HIGH

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege.

16 Mar 2026
8.1
CVSS
CVE-2026-20989LOW

Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font.

16 Mar 2026
2.4
CVSS
CVE-2026-20988MEDIUM

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability.

16 Mar 2026
5.0
CVSS
CVE-2025-62817HIGH

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service.

3 Mar 2026
7.5
CVSS
CVE-2025-62816MEDIUM

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service.

3 Mar 2026
5.5
CVSS
CVE-2025-66363HIGH

An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.

3 Mar 2026
7.5
CVSS
CVE-2025-62815MEDIUM

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service.

3 Mar 2026
5.5
CVSS
CVE-2025-62814HIGH

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.

3 Mar 2026
7.5
CVSS
← PrevPage 2 / 2Next →