First published: Tue Apr 02 2024(Updated: )
Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.
Credit: mobile.security@samsung.com
Affected Software | Affected Version | How to fix |
---|---|---|
Samsung Android | =12.0 | |
Samsung Android | =12.0-smr-apr-2022-r1 | |
Samsung Android | =12.0-smr-apr-2023-r1 | |
Samsung Android | =12.0-smr-aug-2022-r1 | |
Samsung Android | =12.0-smr-aug-2023-r1 | |
Samsung Android | =12.0-smr-dec-2021-r1 | |
Samsung Android | =12.0-smr-dec-2022-r1 | |
Samsung Android | =12.0-smr-dec-2023-r1 | |
Samsung Android | =12.0-smr-feb-2022-r1 | |
Samsung Android | =12.0-smr-feb-2023-r1 | |
Samsung Android | =12.0-smr-feb-2024-r1 | |
Samsung Android | =12.0-smr-jan-2022-r1 | |
Samsung Android | =12.0-smr-jan-2023-r1 | |
Samsung Android | =12.0-smr-jan-2024-r1 | |
Samsung Android | =12.0-smr-jul-2022-r1 | |
Samsung Android | =12.0-smr-jul-2023-r1 | |
Samsung Android | =12.0-smr-jun-2022-r1 | |
Samsung Android | =12.0-smr-jun-2023-r1 | |
Samsung Android | =12.0-smr-mar-2022-r1 | |
Samsung Android | =12.0-smr-mar-2023-r1 | |
Samsung Android | =12.0-smr-mar-2024-r1 | |
Samsung Android | =12.0-smr-may-2022-r1 | |
Samsung Android | =12.0-smr-may-2023-r1 | |
Samsung Android | =12.0-smr-nov-2021-r1 | |
Samsung Android | =12.0-smr-nov-2022-r1 | |
Samsung Android | =12.0-smr-nov-2023-r1 | |
Samsung Android | =12.0-smr-oct-2022-r1 | |
Samsung Android | =12.0-smr-oct-2023-r1 | |
Samsung Android | =12.0-smr-sep-2022-r1 | |
Samsung Android | =12.0-smr-sep-2023-r1 | |
Unknown libsavsac | <SMR Apr-2024 Release 1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-20846 is considered a critical vulnerability due to the potential for arbitrary code execution by local attackers.
To fix CVE-2024-20846, users should update their devices to the latest firmware version SMR Apr-2024 Release 1 or later.
CVE-2024-20846 affects several versions of Samsung Android 12.0 including various security maintenance releases prior to SMR Apr-2024 Release 1.
CVE-2024-20846 requires local access for exploitation, meaning it cannot be exploited remotely.
Users of affected Samsung Android 12.0 devices who do not apply the necessary updates are at risk from CVE-2024-20846.