Samsung has already started rolling out the March 2024 security patch to Galaxy S24 devices. Meanwhile, the Korean tech giant announced the details of the March 2024 security update for its Galaxy devices on the fourth day of the month.
Samsung's March 2024 security update addresses 46 CVEs in the Android operating system, including 2 rated critical and 35 rated high. However, 4 of these CVEs were already resolved by a previous software update from the company, and 5 CVEs are not relevant to Samsung Galaxy devices.
In addition to the Google patch, Samsung provides 9 SVE items to improve the Galaxy user experience. The latest security patch fixes miscellaneous issues related to app lock, bootloader, some services, and others.
Android Patch Details
The latest security update is based on the Android Security Bulletin – March 2024, which includes patches for 41 issues identified by Google.
Critical
CVE-2024-0039, CVE-2024-23717
High
CVE-2023-5091, CVE-2023-5249, CVE-2023-5643, CVE-2024-20011, CVE-2024-20007, CVE-2023-33046, CVE-2023-33072, CVE-2023-33060, CVE-2023-33076, CVE-2023-33058, CVE-2023-33049, CVE-2023-33057, CVE-2023-43523, CVE-2023-43522, CVE-2023-43536, CVE-2023-43533, CVE-2023-43513, CVE-2023-43516, CVE-2023-43534, CVE-2023-49668, CVE-2023-49667, CVE-2023-32842, CVE-2023-32841, CVE-2023-32843, CVE-2024-0044, CVE-2024-0046, CVE-2024-0048, CVE-2024-0049, CVE-2024-0050, CVE-2024-0051, CVE-2024-0053, CVE-2024-0047, CVE-2024-0045, CVE-2024-0052, CVE-2023-21135
Moderate
None
Already included in previous updates
CVE-2024-20010, CVE-2023-43520, CVE-2024-20003, CVE-2023-21234
Not applicable to Samsung devices
CVE-2024-20009, CVE-2024-20006, CVE-2023-43518, CVE-2023-43519, CVE-2023-40081
※ Please see the Android Security Bulletin for detailed information on Google patches.
Samsung One UI Patch Details
In addition to the Google patches, Samsung addressed 9 issues specific to its devices, such as an improper access control vulnerability in the Custom Frequency Manager service, a sensitive information exposure vulnerability in WlanTest, and more.
- SVE-2023-1793 (CVE-2024-20830): Incorrect default permission in AppLock
- SVE-2023-2078 (CVE-2024-20831): Stack overflow in bootloader
- SVE-2023-2079 (CVE-2024-20832): Heap overflow in bootloader
- SVE-2023-2151 (CVE-2024-20833): Use-after-free vulnerability in NETLINKFIPSCRYPTO
- SVE-2023-2170 (CVE-2024-20834): Sensitive information exposure vulnerability in WlanTest
- SVE-2023-2382 (CVE-2024-20835): Improper access control vulnerability in CustomFrequencyManagerService
- SVE-2023-2385 (CVE-2024-20836): Out-of-bounds read vulnerability in libsubextractor.so
- Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.