First published: Thu Feb 09 2023(Updated: )
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.
Credit: mobile.security@samsung.com
Affected Software | Affected Version | How to fix |
---|---|---|
Samsung Android | =11.0 | |
Samsung Android | =11.0-smr-apr-2021-r1 | |
Samsung Android | =11.0-smr-apr-2022-r1 | |
Samsung Android | =11.0-smr-apr-2023-r1 | |
Samsung Android | =11.0-smr-aug-2021-r1 | |
Samsung Android | =11.0-smr-aug-2022-r1 | |
Samsung Android | =11.0-smr-aug-2023-r1 | |
Samsung Android | =11.0-smr-dec-2020-r1 | |
Samsung Android | =11.0-smr-dec-2021-r1 | |
Samsung Android | =11.0-smr-dec-2022-r1 | |
Samsung Android | =11.0-smr-dec-2023-r1 | |
Samsung Android | =11.0-smr-feb-2021-r1 | |
Samsung Android | =11.0-smr-feb-2022-r1 | |
Samsung Android | =11.0-smr-feb-2023-r1 | |
Samsung Android | =11.0-smr-jan-2021-r1 | |
Samsung Android | =11.0-smr-jan-2022-r1 | |
Samsung Android | =11.0-smr-jul-2021-r1 | |
Samsung Android | =11.0-smr-jul-2022-r1 | |
Samsung Android | =11.0-smr-jul-2023-r1 | |
Samsung Android | =11.0-smr-jun-2021-r1 | |
Samsung Android | =11.0-smr-jun-2022-r1 | |
Samsung Android | =11.0-smr-jun-2023-r1 | |
Samsung Android | =11.0-smr-mar-2021-r1 | |
Samsung Android | =11.0-smr-mar-2022-r1 | |
Samsung Android | =11.0-smr-mar-2023-r1 | |
Samsung Android | =11.0-smr-may-2021-r1 | |
Samsung Android | =11.0-smr-may-2022-r1 | |
Samsung Android | =11.0-smr-may-2023-r1 | |
Samsung Android | =11.0-smr-nov-2021-r1 | |
Samsung Android | =11.0-smr-nov-2022-r1 | |
Samsung Android | =11.0-smr-nov-2023-r1 | |
Samsung Android | =11.0-smr-oct-2021-r1 | |
Samsung Android | =11.0-smr-oct-2022-r1 | |
Samsung Android | =11.0-smr-oct-2023-r1 | |
Samsung Android | =11.0-smr-sep-2021-r1 | |
Samsung Android | =11.0-smr-sep-2022-r1 | |
Samsung Android | =11.0-smr-sep-2023-r1 | |
Samsung Android | =12.0 | |
Samsung Android | =12.0-smr-apr-2022-r1 | |
Samsung Android | =12.0-smr-apr-2023-r1 | |
Samsung Android | =12.0-smr-aug-2022-r1 | |
Samsung Android | =12.0-smr-aug-2023-r1 | |
Samsung Android | =12.0-smr-dec-2021-r1 | |
Samsung Android | =12.0-smr-dec-2022-r1 | |
Samsung Android | =12.0-smr-dec-2023-r1 | |
Samsung Android | =12.0-smr-feb-2022-r1 | |
Samsung Android | =12.0-smr-feb-2023-r1 | |
Samsung Android | =12.0-smr-jan-2022-r1 | |
Samsung Android | =12.0-smr-jul-2022-r1 | |
Samsung Android | =12.0-smr-jul-2023-r1 | |
Samsung Android | =12.0-smr-jun-2022-r1 | |
Samsung Android | =12.0-smr-jun-2023-r1 | |
Samsung Android | =12.0-smr-mar-2022-r1 | |
Samsung Android | =12.0-smr-mar-2023-r1 | |
Samsung Android | =12.0-smr-may-2022-r1 | |
Samsung Android | =12.0-smr-may-2023-r1 | |
Samsung Android | =12.0-smr-nov-2021-r1 | |
Samsung Android | =12.0-smr-nov-2022-r1 | |
Samsung Android | =12.0-smr-nov-2023-r1 | |
Samsung Android | =12.0-smr-oct-2022-r1 | |
Samsung Android | =12.0-smr-oct-2023-r1 | |
Samsung Android | =12.0-smr-sep-2022-r1 | |
Samsung Android | =12.0-smr-sep-2023-r1 | |
Samsung Android | =13.0 | |
Samsung Android | =13.0-smr-apr-2023-r1 | |
Samsung Android | =13.0-smr-aug-2023-r1 | |
Samsung Android | =13.0-smr-dec-2022-r1 | |
Samsung Android | =13.0-smr-dec-2023-r1 | |
Samsung Android | =13.0-smr-feb-2023-r1 | |
Samsung Android | =13.0-smr-jul-2023-r1 | |
Samsung Android | =13.0-smr-jun-2023-r1 | |
Samsung Android | =13.0-smr-mar-2023-r1 | |
Samsung Android | =13.0-smr-may-2023-r1 | |
Samsung Android | =13.0-smr-nov-2022-r1 | |
Samsung Android | =13.0-smr-nov-2023-r1 | |
Samsung Android | =13.0-smr-oct-2022-r1 | |
Samsung Android | =13.0-smr-oct-2023-r1 | |
Samsung Android | =13.0-smr-sep-2023-r1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-21428 has been classified as a medium severity vulnerability, allowing attackers to configure Preferred Call through improper input validation.
To fix CVE-2023-21428, users need to update their Samsung Android devices to the SMR Jan-2023 Release 1 or later.
CVE-2023-21428 affects Samsung Android versions 11.0 and certain variants of 12.0 and 13.0 prior to their respective security patches.
The impact of CVE-2023-21428 includes the potential for attackers to exploit the vulnerability to alter call configuration settings maliciously.
As of the latest information available, there are no confirmed reports of CVE-2023-21428 being actively exploited in the wild.