Just like every other month, Samsung has shared the details of the November 2023 security patch for Galaxy device owners. However, it’s worth mentioning that the Korean tech giant is currently busy refining the stability of One UI 6, and is also considering the device’s security at the same time.
As per the details, the Samsung November 2023 security patch mentions fixes for a total of 65 items including 48 CVEs related to the Android operating system, 15 SVEs related to One UI software, and 2 CVEs related to Samsung Semiconductor.
To be mentioned, the November 2023 update is rolled out for several flagships and mid-range devices with the One UI 6 Beta versions. And for some smartphones like Galaxy S21 Series, Galaxy Z Flip 5 have also acquired fixes and optimizations of the patch separately.
However, the rollout will pick up the pace and be available for all the eligible devices shortly. Make sure to upgrade your smartphone to the latest version, as soon as the patch reaches you. Because, for secure and smooth running regular patches are crucial.
Samsung November 2023 Security Patch – Details
Critical / 5
- CVE-2023-24855, CVE-2023-28540, CVE-2023-33028, CVE-2023-4863, CVE-2023-40113
High / 43
- CVE-2020-29374, CVE-2023-21673, CVE-2023-22385, CVE-2023-24843, CVE-2023-24844, CVE-2023-24848, CVE-2023-24847, CVE-2023-24850, CVE-2023-24849, CVE-2023-24853, CVE-2023-34970, CVE-2023-33200, CVE-2023-33034, CVE-2023-33035,
- CVE-2023-33027, CVE-2023-33029, CVE-2023-33026, CVE-2023-4211, CVE-2023-20819, CVE-2023-32819, CVE-2023-32820, CVE-2021-44828, CVE-2022-28348, CVE-2023-40638, CVE-2023-40106, CVE-2023-40107, CVE-2023-40109, CVE-2023-40110, CVE-2023-40111,
- CVE-2023-40114, CVE-2023-40105, CVE-2023-40124, CVE-2023-40100, CVE-2023-40115, CVE-2023-40104, CVE-2023-40112, CVE-2023-21103, CVE-2023-21111, CVE-2023-21234, CVE-2023-33106, CVE-2023-33107, CVE-2022-22071, CVE-2023-33063.
Samsung Semiconductor patch is also included in this Security Maintenance Release with the following CVE item:
High / 2
- CVE-2023-41111, CVE-2023-41112
Along with Google patches and Samsung Semiconductor patches, Samsung Mobile provides 15 SVE items described below, to improve customer’s confidence in the security of Galaxy devices. Some of the SVE items may not be included in this package, in case of prior resolution.
High / 6
- SVE-2023-1439(CVE-2023-42538): An improper input validation in saped_rec_silence in libsaped
- SVE-2023-1437(CVE-2023-42537): An improper input validation in get_head_crc in libsaped
- SVE-2023-1434(CVE-2023-42536): An improper input validation in saped_dec in libsaped
- SVE-2023-1396(CVE-2023-42533): Improper Input Validation with USB Gadget Interface
- SVE-2023-1365(CVE-2023-42532): Improper Certificate Validation in FotaAgent
- SVE-2023-1363(CVE-2023-42535): Out-of-bounds Write in read_block of vold
- SVE-2023-0541(CVE-2023-42529): Out-of-bound write in libsec-ril
- SVE-2023-0539(CVE-2023-42528): Heap Overflow in ProcessNvBuffering of libsec-ril
- SVE-2023-0538(CVE-2023-42527): Improper input validation in ProcessWriteFile of libsec-ril
- SVE-2023-0537(CVE-2023-30739): Arbitrary File Descriptor Write in libsec-ril
Moderate
- SVE-2023-1031(CVE-2023-42531): Improper access control vulnerability in SmsController
- SVE-2023-0987(CVE-2023-42530): Improper access control vulnerability in SecSettings
- SVE-2023-0611(CVE-2023-42534): Improper input validation vulnerability in ChooserActivity
