Samsung is going to release the May 2024 Android Security Patch update for its eligible devices soon. Samsung has officially shared details about all the improvements that will be brought to Galaxy devices with the May 2024 Android Security Patch.
Galaxy S21 Series Gets April 2024 Security Update
According to the Samsung Monthly Security Release Bulletin, the May 2024 Security Update will fix a total of 45 vulnerability exposures, including 33 from Google including 3 Critical, 26 High, and 1 Medium level CVE. The update also mentions fixes for 12 SVE items from One UI.
Below you can check out all the common vulnerability exposures and Samsung vulnerability exposures that the May 2024 security patch will fix to reduce the risk of system crashes and data loss.
Samsung May 2024 Security Patch Update Detail
Common Vulnerability Exposures (CVEs)
The May 2024 security patch will fix 33 common vulnerability exposures from Google including 3 critical, 26 High, and 1 Moderate level. Besides, 1 CVE item is already included in previous updates and 2 do not apply to Samsung devices.
Critical
CVE-2023-28582, CVE-2024-23706, CVE-2024-23700
High
CVE-2024-0042, CVE-2024-20039, CVE-2024-20040, CVE-2024-21463, CVE-2023-33115, CVE-2023-33096, CVE-2023-33103, CVE-2023-33084, CVE-2023-33095, CVE-2023-33104, CVE-2023-33086, CVE-2023-33101, CVE-2023-33100, CVE-2023-33099, CVE-2024-21468, CVE-2024-21472, CVE-2024-0024, CVE-2024-0025, CVE-2024-23705, CVE-2024-23708, CVE-2024-0043, CVE-2024-23707, CVE-2024-23709, CVE-2024-23703, CVE-2024-23701, CVE-2024-23702
Moderate
CVE-2024-20021
Already included in previous updates
CVE-2023-32890
Not applicable to Samsung devices
CVE-2023-28547, CVE-2023-33023
Samsung Vulnerability Exposures (SVEs)
The May 2024 update fixes 12 Samsung Vulnerability Exposures from One UI which are related to bypass in the setup wizard, multitasking framework, improper authentication in a secure folder, improper access control of FactoryCamera, and more.
SVE-2023-1778(CVE-2024-20866): Authentication bypass vulnerability in Setupwizard
SVE-2023-2193(CVE-2024-20855): Improper access control vulnerability in multitasking framework
SVE-2023-2265(CVE-2024-20856): Improper Authentication vulnerability in Secure Folder
SVE-2024-0041(CVE-2024-20857): Improper access control vulnerability in CocktailBarService
SVE-2024-0042(CVE-2024-20858): Improper access control vulnerability in CocktailBarService
SVE-2024-0070(CVE-2024-20859): Improper access control vulnerability in FactoryCamera
SVE-2024-0071(CVE-2024-20860): Improper export of Android application components vulnerability in TelephonyUI
SVE-2024-0092(CVE-2024-20861): Use after free vulnerability in SveService
SVE-2024-0096(CVE-2024-20862): Out-of-bounds write in SveService
SVE-2024-0185(CVE-2024-20863): Improper input validation vulnerability in SNAP in HAL
SVE-2024-0234(CVE-2024-20865): Authentication bypass in bootloader
SVE-2024-0357(CVE-2024-20864): Improper access control vulnerability in DarManagerService
