This issue has been fixed in this firmware version. Firmware versions lower than 3.1_PRE or higher than 4.0_PDM are not affected. Users are advised to update their systems as soon as possible.

A race condition was discovered in the way SysV init scripts parse the /etc/crypttab file. This could lead to a denial of service if /etc/crypttab was writable by a user with a limited account.

A race condition was discovered in the way SysV init scripts parse the /etc/fstab file. This could lead to a denial of service if /etc/fstab was writable by a user with a limited account.

A race condition was discovered in the way SysV init scripts parse the /etc/grub/grub.conf file. This could lead to a denial of service if /etc/grub.conf was writable by a user with a limited account.

An issue was discovered in Samsung Tizen through 3.0_GBM (and 3.1_PRE). There is an unchecked return value in the Linux kernel in the snd_ctl_add function, causing a possible buffer overflow.

An issue was discovered in Samsung Tizen through 3.0_GBM (and 3.1_PRE). There is an unchecked return value in the Linux kernel in the snd_indirect_buffer function, causing a possible buffer

Fixed vulnerabilities in the current firmware

This issue has been fixed in this firmware version. Firmware versions lower than 3.1_PRE or higher than 4.0_PDM are not affected. Users are advised to update their systems as soon as possible. The most recent firmware releases for affected products will be available on the Samsung website going forward, and you can also check whether your device is affected by consulting the list of vulnerable models at http://www.samsungsecurity appliance .com/

System Firmware Updates and Security

The following firmware versions are affected:

- 3.1_PRE, 3.2_PRE, 4.0_PDM, 4.1_PRE, 4.2_PQC

Mitigation Strategies
Users are advised to update their systems as soon as possible.

Timeline

Published on: 09/29/2022 03:15:00 UTC
Last modified on: 09/30/2022 20:04:00 UTC
