Skip to main content

Samsung Android USB Driver EUVDEUVD-2026-34810

| CVE-2026-21038 MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-05 SamsungMobile GHSA-92v6-r4j5-9677
5.9
CVSS 4.0 · Vendor: SamsungMobile
Share

Severity by source

Vendor (SamsungMobile) PRIMARY
5.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (SamsungMobile) · only source for this CVE.

CVSS VectorVendor: SamsungMobile

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Jun 05, 2026 - 13:36 vuln.today
CVSS changed
Jun 05, 2026 - 11:22 NVD
5.9 (MEDIUM)
CVE Published
Jun 05, 2026 - 10:15 nvd
MEDIUM 5.9
CVE Published
Jun 05, 2026 - 10:15 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.

AnalysisAI

Out-of-bounds memory access in Samsung Android USB Driver for Windows (all versions prior to 1.9.5.0) allows a local attacker without elevated privileges to corrupt or read memory beyond allocated bounds, resulting in high availability impact and low integrity impact on the affected Windows host. Samsung has released version 1.9.5.0 as the corrective patch, documented under EUVD-2026-34810. No public exploit code exists and the vulnerability is not listed in CISA KEV at time of analysis, though the CVSS 4.0 AT:P modifier signals a required target-specific condition that narrows exploitability.

Technical ContextAI

The Samsung Android USB Driver for Windows is a host-side software component that enables Windows systems to communicate with Samsung Android devices over USB. The root cause is improper input validation within the driver - the driver fails to adequately check input bounds before processing data, allowing out-of-bounds memory accesses consistent with the 'Buffer Overflow' tag applied to this CVE. Although CWE is formally listed as N/A by the reporting sources, the described behavior aligns with CWE-125 (Out-of-bounds Read) or CWE-787 (Out-of-bounds Write). The affected product is identified via CPE cpe:2.3:a:samsung_mobile:samsung_android_usb_driver_for_windows:*:*:*:*:*:*:*:*, covering all versions of the driver prior to 1.9.5.0 on Windows. The 'Google' and 'Microsoft' tags likely reflect the Android (Google) ecosystem being bridged to the Windows (Microsoft) platform by this driver component.

RemediationAI

The primary fix is to upgrade Samsung Android USB Driver for Windows to version 1.9.5.0 or later, as confirmed by EUVD-2026-34810 and the Samsung Mobile Security advisory at https://security.samsungmobile.com/serviceWeb.smsb?year=2026&month=06. For systems where immediate patching is not feasible, a practical compensating control is to uninstall or disable the Samsung Android USB Driver on any Windows host where Samsung device connectivity is not operationally required - this eliminates the attack surface entirely with no functional trade-off for those hosts. For hosts that require the driver, restricting physical USB port access (via USB device policies or port blockers) reduces the likelihood of a malicious or manipulated device being connected to trigger the vulnerability, though this does not protect against insider threats with legitimate device access. No known workarounds exist that preserve driver functionality while mitigating the underlying memory validation flaw.

Share

EUVD-2026-34810 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy