Samsung Libsthmbc.so Out-of-Bounds Write Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A high-severity out-of-bounds write vulnerability has been identified in the libsthmbc.so library on several Samsung devices running Android 12, 13, and 14. The flaw stems from the svc1td function accessing uninitialized memory, which can lead to arbitrary code execution with elevated privileges. Exploitation requires user interaction.

Impact

Successful exploitation allows a local attacker to execute arbitrary code with elevated privileges on the affected device.

Remediation

Users can apply the January 2025 Security Maintenance Release (SMR) to address this vulnerability. Instructions for updating can be found on the Samsung Mobile Security website.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         7.5
exploitability: 3.0
remediation:    0.0
relevance:      0.0
threat:         0.0
urgency:        2.9
incentive:      0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.