Samsung has officially released the March 2023 Android security patch details, revealing the latest software update fixes and improvements for Galaxy devices. So far, the company has not started the latest patch’s rollout for Galaxy devices, but we believe it’s not too away now.
According to the information (via SammyFans), March 2023 security patch for Samsung devices brings Google patches that are mentioned in the Android security bulletin. There are a number of common vulnerability exposures listed in the document that falls into different ranges including:
Follow our socials → Google News, Telegram, Twitter, Facebook
- Critical – 5
- High – 35
- Moderate – 0
- Already fixed – 4
- Not applicable – 5
Aside from these CVE items, the March 2023 patch also includes 23 One UI patches which Samsung calls SVE (Samsung Vulnerabilities and Exposures). Together with Android and One UI patches, the latest software update ensures the best security and privacy on Galaxy devices.
Severe issues that are patched in the March OTA:
Call application
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. The patch adds proper permission to prevent improper access.
Samsung Keyboard
Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows a physical attacker to access users’ text history on the lock screen. The patch removes the context menu on the lock screen.
Vulnerability in System UI
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI allows attackers to turn off Do not disturb via unprotected intent. Samsung’s March 2023 patch adds proper protection for the intent.
Galaxy Themes
Path traversal vulnerability in Galaxy Themes Service allows attackers to access arbitrary files with system uid. The March update adds proper input validation.
Bluetooth
Improper access control vulnerability in Bluetooth prior allows attackers to send files via Bluetooth without related permission. The company has also patched this flaw with the latest OTA release, which affects Galaxy devices running Android 11 to 13.
Use after-free vulnerability in decon driver
This issue affected Galaxy devices running Android 11/12/13 with Exynos 2100 chipset (Galaxy S21 series). It allows attackers to cause memory access faults, which have been fixed with the addition of proper check logic to prevent use after free.
March 2023 CVE fixes:
Critical
- CVE-2022-33232, CVE-2022-33243, CVE-2022-40514, CVE-2023-20951, CVE-2023-20954
High
- CVE-2022-0850, CVE-2022-41222, CVE-2023-20937, CVE-2023-20938, CVE-2023-20602, CVE-2022-33221, CVE-2022-33233, CVE-2022-33248, CVE-2022-33277, CVE-2022-47339, CVE-2022-47331
- CVE-2023-20906, CVE-2023-20911, CVE-2023-20917, CVE-2023-20947, CVE-2023-20963, CVE-2023-20956, CVE-2023-20958, CVE-2023-20964, CVE-2023-20926, CVE-2023-20931, CVE-2023-20936
- CVE-2023-20953, CVE-2023-20955, CVE-2023-20957, CVE-2023-20959, CVE-2023-20960, CVE-2023-20966, CVE-2022-4452, CVE-2022-20467, CVE-2023-20929, CVE-2023-20952, CVE-2023-20962, CVE-2022-20499, CVE-2023-20910
Moderate
- None
Already included in previous updates
- CVE-2022-40502, CVE-2022-40512, CVE-2022-33271, CVE-2022-33306
Not applicable to Samsung devices
- CVE-2022-39189, CVE-2022-39842, CVE-2022-33280, CVE-2022-34145, CVE-2022-34146
