Protection Mechanism Flaw in Samsung Bootloader
CVE-2024-49422

5.2MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 31 December 2024

What is CVE-2024-49422?

A significant vulnerability exists in the Samsung bootloader prior to the SMR October 2024 Release 1, which allows physical attackers to bypass the lockscreen failure count through hardware fault injection. This flaw requires user interaction to be exploited, thereby posing a risk to device security. Users should remain vigilant and consider updating their devices to mitigate the risk associated with this protection mechanism failure.

Affected Version(s)

Samsung Mobile Devices SMR Oct-2024 Release in Select Android 13 devices using Unisoc chipset

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Oct 15, 2024