# SAMSUNG Mobile Security Maintenance February 2023


Samsung Mobile is releasing a maintenance release for major flagship models as part of the monthly Security Maintenance Release (SMR) process. This SMR package includes patches from Google and Samsung.

Google patches include patches up to Android Security Bulletin – February 2023 package. The Bulletin (February 2023) contains the following CVE items:

**Critical**\
CVE-2022-42719, CVE-2022-42721, CVE-2022-42720, CVE-2022-41674, CVE-2022-22088\
\
**High**\
CVE-2022-20235, CVE-2023-20928, CVE-2022-2959, CVE-2022-32636, CVE-2022-32637, CVE-2022-25746, CVE-2022-23960, CVE-2022-25725, CVE-2022-33284, CVE-2022-33286, CVE-2022-33276, CVE-2022-33285, CVE-2022-44426, CVE-2022-44425, CVE-2022-44427, CVE-2022-44428, CVE-2022-44431, CVE-2022-44429, CVE-2022-44432, CVE-2022-44430, CVE-2022-44435, CVE-2022-44437, CVE-2022-44434, CVE-2022-44436, CVE-2022-44438, CVE-2022-20443, CVE-2022-20551, CVE-2023-20934, CVE-2023-20942, CVE-2023-20943, CVE-2023-20944, CVE-2023-20948, CVE-2023-20933, CVE-2022-20481, CVE-2022-43680, CVE-2023-20939, CVE-2023-20945, CVE-2023-20946, CVE-2023-20932, CVE-2022-20455, CVE-2020-27059, CVE-2022-20441, CVE-2022-20451\
\
**Moderate**\
None\
\
**Already included in previous updates**\
CVE-2021-35097, CVE-2021-35113, CVE-2021-35134, CVE-2022-33274, CVE-2022-33252, CVE-2022-33253, CVE-2022-33283, CVE-2022-20006\
\
**Not applicable to Samsung devices**\
CVE-2022-32635, CVE-2022-33266, CVE-2022-33255, CVE-2023-20940\
\
\
*※ Please see Android Security Bulletin for detailed information on Google patches.*\
\
\
Along with Google patches, Samsung Mobile provides 7 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customers' confidence in the security of Samsung Mobile devices. The Samsung security index (SSI) SMR Feb-2023 Release 1, found in “Security software version”, includes all patches from Samsung and Google. Some of the SVE items may not be included in this package if they were already included in a previous maintenance release.

### **SVE-2022-2738(CVE-2023-21440): Improper access control vulnerability in WindowManagerService**

Severity: High\
Affected versions: T(13)\
Reported on: November 21, 2022\
Disclosure status: Privately disclosed\
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.\
The patch adds a proper permission check to prevent unauthorized access.

### **SVE-2022-2726(CVE-2023-21439): Improper input validation in UwbDataTxStatusEvent**

Severity: High\
Affected versions: S(12), T(13)\
Reported on: November 19, 2022\
Disclosure status: Privately disclosed\
Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.\
The patch adds proper validation logic to prevent privilege escalation.

### **SVE-2022-2546(CVE-2023-21438): App preview disclosure protected by Secure Folder in Recents**

Severity: Moderate\
Affected versions: R(11), S(12)\
Reported on: October 25, 2022\
Disclosure status: Privately disclosed\
Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows a physical attacker to access the app preview protected by Secure Folder.\
The patch adds proper validation logic to prevent unauthorized access.

### **SVE-2022-2328(CVE-2023-21437): Improper access control vulnerability in Phone application**

Severity: Moderate\
Affected versions: Q(10), R(11), S(12), T(13)\
Reported on: September 20, 2022\
Disclosure status: Privately disclosed\
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.\
The patch adds proper permission to prevent improper access.

### **SVE-2022-2296(CVE-2023-21436): Implicit intent hijacking vulnerability in Contacts**

Severity: Moderate\
Affected versions: Q(10), R(11), S(12), T(13)\
Reported on: September 17, 2022\
Disclosure status: Privately disclosed\
Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows an attacker to get the account ID.\
The patch changes the implicit intent to an explicit intent.
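
The two fixes described above (a permission on the broadcast for SVE-2022-2328, an explicit intent for SVE-2022-2296) follow a general Android pattern, shown here as an added example with the weak form beside the hardened one. This is not Samsung's code: every class, action, extra, package and permission name below is constructed for illustration.

```java
import android.app.Activity;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;

/** Hypothetical sender; all names are constructed, not taken from Phone or Contacts. */
public final class AccountEventSender {
    private static final String ACTION_CHANGED = "com.example.app.action.ACCOUNT_CHANGED";
    private static final String ACTION_PICK = "com.example.app.action.PICK_ACCOUNT";
    private static final String EXTRA_ACCOUNT_ID = "account_id";
    private static final String TRUSTED_PKG = "com.example.trusted";
    // Assumed to be declared in the sender's manifest with protectionLevel="signature".
    private static final String PERM_RECEIVE = "com.example.app.permission.RECEIVE_ACCOUNT";

    // Weak: implicit broadcast with no receiver permission. Any installed app
    // that registers a receiver for ACTION_CHANGED is handed the extra.
    static void broadcastWeak(Context ctx, String accountId) {
        Intent i = new Intent(ACTION_CHANGED).putExtra(EXTRA_ACCOUNT_ID, accountId);
        ctx.sendBroadcast(i);
    }

    // Hardened: delivery is limited to one package, and the receiver must
    // also hold the signature-level permission.
    static void broadcastHardened(Context ctx, String accountId) {
        Intent i = new Intent(ACTION_CHANGED)
                .setPackage(TRUSTED_PKG)
                .putExtra(EXTRA_ACCOUNT_ID, accountId);
        ctx.sendBroadcast(i, PERM_RECEIVE);
    }

    // Weak: implicit activity intent. Any app declaring a matching intent
    // filter can be resolved as the target and read the account ID.
    static void startWeak(Activity activity, String accountId) {
        Intent i = new Intent(ACTION_PICK).putExtra(EXTRA_ACCOUNT_ID, accountId);
        activity.startActivity(i);
    }

    // Hardened: explicit intent. The target component is named, so intent
    // filters declared by other apps are never consulted.
    static void startHardened(Activity activity, String accountId) {
        Intent i = new Intent()
                .setComponent(new ComponentName(TRUSTED_PKG, TRUSTED_PKG + ".AccountActivity"))
                .putExtra(EXTRA_ACCOUNT_ID, accountId);
        activity.startActivity(i);
    }
}
```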

### **SVE-2022-2195(CVE-2023-21435): Exposure of Sensitive Information vulnerability in Fingerprint TA**

Severity: Moderate\
Affected versions: Select R(11), S(12), T(13) devices\
Reported on: September 9, 2022\
Disclosure status: Privately disclosed\
Exposure of sensitive information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.\
The patch removes the log that shows the memory address.\
\
*Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.*

## **Acknowledgements**

```
Michał Bednarski: SVE-2022-2738
Binwei Shen: SVE-2022-2726
Emilio Garza Cantu: SVE-2022-2546
Oversecured Inc: SVE-2022-2328, SVE-2022-2296
Zhongquan Li @ ADLab of VenusTech: SVE-2022-2195
```

## Source: [Go to page](https://security.samsungmobile.com/securityUpdate.smsb)

