Primary

Context

Samsung Mobile Out-of-Bounds Write Vulnerability in libsthmbc.so Allowing Arbitrary Code Execution

Vulnerability

Patched

A vulnerability exists in Samsung Mobile devices running Android 12, 13, or 14, prior to the January 2025 Security Maintenance Release. The issue is an out-of-bounds write in the library libsthmbc.so, specifically in the frame buffer decoding process. This vulnerability allows local attackers to execute arbitrary code with elevated privileges, but requires user interaction to trigger.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution with elevated privileges on the affected device.

Remediation

Users can update to the January 2025 Security Maintenance Release to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

3.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

7.5

exploitability

3.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Samsung Mobile Out-of-Bounds Write Vulnerability in libsthmbc.so Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

Android

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating