Samsung Mobile Secfr Trustlet Out-of-Bounds Write Vulnerability Allowing Memory Corruption

Vulnerability

A high-severity out-of-bounds write vulnerability has been identified in the secfr trustlet of Samsung Mobile devices running releases prior to SMR April 2025 Release 1. It allows local privileged attackers to cause memory corruption. The issue arises from improper input validation, which can be exploited to write data outside the intended boundaries, potentially leading to arbitrary code execution or other malicious outcomes.

Impact

Exploitation of this vulnerability causes memory corruption. Because attackers can then manipulate memory in unintended ways, this can lead to arbitrary code execution or other malicious outcomes.

Remediation

Users can apply the SMR April 2025 Release 1 update to address this vulnerability. This update is part of the monthly Security Maintenance Release process and includes patches from both Google and Samsung. For detailed information on Samsung's security update process, please refer to the Samsung Mobile Security Update page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.