Skip to main content

Samsung

Vendor security scorecard – 51 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 46
51
CVEs
0
Critical
7
High
0
KEV
0
PoC
5
Unpatched C/H
13.7%
Patch Rate
0.0%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
7
MEDIUM
44
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-8915 Out-of-bounds write in Samsung's Escargot JavaScript engine allows attacker-supplied scripts to corrupt memory through the ArrayBuffer.prototype.transfer() built-in, with high confidentiality, integrity, and availability impact (CVSS 8.8). The flaw stems from a missing length-bounds check when transferring an ArrayBuffer to a new byte length, enabling writes past the allocated buffer that can lead to remote code execution if a victim runs the malicious script. No public exploit has been identified at time of analysis, and no EPSS or CISA KEV data was provided. HIGH 8.8 0.0% 44
No patch
CVE-2026-45956 Local privilege escalation and memory corruption in the Linux kernel's Exynos DRM VIDI (Virtual Display) driver allows local users with access to the DRM device to trigger null pointer dereferences, garbage value accesses, out-of-bounds reads, or use-after-free conditions via the vidi_connection_ioctl() handler. The flaw stems from an incorrect device-to-context lookup that retrieves driver_data from the exynos-drm master device instead of the VIDI component device. A vendor patch is available across multiple stable branches, no public exploit identified at time of analysis, and EPSS rates exploitation probability at only 0.02%. HIGH 7.8 0.0% 39
CVE-2026-47310 Use-after-free memory corruption in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) enables pointer manipulation when processing crafted JavaScript content, with CVSS 7.8 reflecting high-impact local exploitation requiring user interaction. The affected codepaths include evaluator error handling, TypedArray copyWithin operations on resizable buffers, DataView coercion, and array fast-mode transitions - all triggerable by attacker-controlled script. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV. HIGH 7.8 0.0% 39
No patch
CVE-2026-47311 Heap-based buffer overflow in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) allows remote attackers to corrupt heap memory and likely achieve arbitrary code execution when a victim processes attacker-controlled JavaScript. No public exploit identified at time of analysis, but the upstream fix (PR #1565) reveals multiple memory-safety hardening changes including integer underflow protection in TypedArray.copyWithin, fast-mode array conversion checks during spread operations, and OOM handling, indicating concrete reachable corruption paths. CVSS 7.8 with local attack vector and required user interaction reflects the engine's typical embedding context (apps, IoT, smart TV runtimes) rather than network-facing services. HIGH 7.8 0.0% 39
No patch
CVE-2026-47314 Out-of-bounds write in Samsung's Escargot lightweight JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) allows attackers to corrupt memory by inducing buffer overflows through crafted JavaScript. Exploitation requires local execution of attacker-supplied script content with user interaction, but successful triggering yields high impact to confidentiality, integrity, and availability (CVSS 7.8). No public exploit identified at time of analysis and the issue is not on the CISA KEV list. HIGH 7.8 0.0% 39
No patch
CVE-2025-66369 Denial of Service vulnerability in Samsung Exynos chipsets (980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, and modems 5123, 5300, 5400) allows remote unauthenticated attackers to crash devices by sending malformed 5G NR NAS registration accept messages. The flaw affects the Mobility Management (MM) component's message parser, triggering resource exhaustion (CWE-770) that disrupts cellular connectivity. CVSS 7.5 (High) with network attack vector and no prerequisites, though EPSS indicates only 0.02% exploitation probability and no public exploits identified at time of analysis. HIGH 7.5 0.0% 38
No patch
CVE-2026-45958 Local privilege escalation and kernel memory corruption in the Linux kernel's Exynos DRM (drm/exynos) vidi driver allows a low-privileged local user to access arbitrary kernel memory by exploiting an unsafe user pointer dereference in vidi_connection_ioctl(). The flaw affects multiple kernel branches up to 6.18.14 and is fixed in stable releases 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.77, 6.18.14, 6.19.4, and 7.0. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%, 7th percentile). HIGH 7.1 0.0% 36
CVE-2026-21037 Improper input validation in Samsung Members prior to version 5.8.01.5 allows local authenticated attackers to access arbitrary URLs and launch arbitrary Android activities using Samsung Members' application privileges. The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) confirms local access with low privileges and no additional preconditions, with the score of 6.9 reflecting a high availability impact on the vulnerable component alongside low integrity impact. No public exploit identified at time of analysis and this vulnerability is not listed in CISA KEV, but the ability to hijack privileged activity launches on Samsung devices makes it a meaningful local privilege-chaining vector. MEDIUM 6.9 0.0% 35
No patch
CVE-2026-3291 Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mob MEDIUM 6.9 0.0% 35
No patch
CVE-2026-21033 Improper export of the ExpressHomeWidgetReceiver Android component in Samsung Assistant (prior to version 9.3.14) enables a local attacker without special privileges to send crafted intents to the exposed receiver and execute arbitrary scripts on the device. The CVSS 4.0 score of 6.9 reflects high confidentiality impact (VC:H) with a local attack vector - an on-device malicious application is a realistic threat model. No public exploit has been identified and this CVE does not appear in CISA KEV at time of analysis. MEDIUM 6.9 0.0% 35
No patch
CVE-2026-21032 Improper export of the SmartHomeWidgetReceiver Android component in Samsung Assistant prior to version 9.3.14 allows a local attacker without any privileges to send crafted intents directly to the exposed receiver and execute arbitrary scripts. The CVSS 4.0 score of 6.9 reflects high confidentiality impact (VC:H) constrained to the local attack surface (AV:L), aligning with the 'Information Disclosure' tag. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis. MEDIUM 6.9 0.0% 35
No patch
CVE-2026-21057 Out-of-bounds memory write in Samsung Pass prior to version 5.2.10.3 enables local privileged attackers to corrupt process memory, producing high integrity and availability impact with limited confidentiality exposure. The root cause is improper input validation - a buffer overflow class defect - confirmed by Samsung's mobile security team and catalogued under EUVD-2026-42827. No public exploit code or CISA KEV listing has been identified; Samsung has released version 5.2.10.3 as the remediation. MEDIUM 6.8 0.1% 34
No patch
CVE-2026-6839 Improper validation of STRING tensor offsets in Samsung Open Source ONE prior to commit 1.30.0 allows local attackers with user interaction to trigger out-of-bounds memory access during constant tensor import, potentially causing information disclosure, data modification, or denial of service. The vulnerability affects the tensor metadata parsing logic when processing malformed string tensor definitions. MEDIUM 6.6 0.0% 33
No patch
CVE-2026-40450 Integer overflow in Samsung Open Source ONE's output tensor copy size calculation allows local attackers with user interaction to cause memory corruption and potential code execution through oversized tensor processing. The vulnerability affects versions prior to 1.30.0 and stems from improper integer arithmetic when computing copy lengths for tensor data, enabling an attacker to trigger buffer overflows by crafting malicious tensor inputs that bypass size validation. MEDIUM 6.6 0.0% 33
No patch
CVE-2026-40449 Integer overflow in tensor buffer size calculation in Samsung Open Source ONE prior to version 1.30.0 allows local attackers with user-level privileges to cause out-of-bounds memory access, leading to information disclosure and denial of service. The vulnerability requires user interaction to process specially crafted large tensor data. CVSS 6.6 indicates moderate severity with local attack vector and high availability impact. MEDIUM 6.6 0.0% 33
No patch

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy