Security
Updates
SmartTV software updates
Samsung Visual Display is releasing Security
Vulnerability Patch (SVP).
How to check update setting: [Menu] -> [Support]
->[Software Update] -> Auto Update=ON.
How to check Software Name: [Menu] -> [Support]
->[About This TV].
Delivery time of security patches may vary depending
on the regions and models.
SVP-AUG-2024
SVE-2024-50018(CVE-2024-7399)
Weakness : Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server allows attackers to write arbitrary file as system authority.
Patch information : The patch modifies verification logic of the input.
SVP-JUL-2024
SVE-2024-50097
Weakness : Memory corruption vulnerability in
chromium engine.
Patch information : The official patch addressed
the issue.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-JAN-2024
SVE-2023-50069
Weakness : Insufficient validation of untrusted XML
input in chromium engine.
Patch information : The official patch addressed
the issue.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-NOV-2023
SVE-2022-50113
Weakness : Invalidation of
anti theft function.
Patch information : The
patch adds proper reset logic.
Update Models: 21 year
models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC,
T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC,
T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
SVP-OCT-2023
SVE-2022-50146,
SVE-2022-50147, SVE-2022-50148, SVE-2022-50149,
SVE-2022-50150, SVE-2022-50151, SVE-2022-50152
Weakness : JIT compiler bug
exist in V8.
Patch information : The
official patch addressed the issue.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-AUG-2023
SVE-2023-50021
Weakness : TV debug
information leak.
Patch information : The
patch blocks debug information.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVE-2023-50040
Weakness : Secure command
leak.
Patch information : The
patch removes secure command.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-DEC-2022
SVE-2022-50125
(CVE-2022-44636)
Weakness : Smart remote
control allows attackers to enable microphone access via
Bluetooth spoofing when a user is activating remote control
by pressing a button.
Patch information : The
patch blocks information transfer without button input.
Update Models: 21 year
models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC,
T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC,
T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
SVP-JUN-2022
SVE-2021-50009
Weakness : webapis issue for
subtitle engine
Patch information: The patch
removes vulnerable function.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-AUG-2021
SVE-2021-50051
Weakness : patch v8 engine
vulnerabilities
Patch information: The patch
removes vulnerable function.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2021-50050
Weakness : patch driver
vulnerability
Patch information: The patch
adds proper check.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVP-JUNE-2021
SVE-2020-50136
Weakness: Remove vulnerable
fuction in nodejs.
Patch information: The patch
removes vulnerable function.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2021-50001
Weakness: buffer overflow
patch on tz-playerservice.
Patch information: The patch
adds proper check.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVP-MAR-2021
SVE-2021-50015 ,
SVE-2021-50016 ,
SVE-2021-50017
Weakness: opensource
vulnerability patch.
Patch information: The
official patch addressed the issue.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2020-50175
Weakness: Remove vulnerable
TVkey code.
Patch information: The patch
removes vulnerable code.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-DEC-2020
SVE-2020-50168 ,
SVE-2020-50169
Weakness: Type confusion
vulnerabilities exist in V8.
Patch information: The
official patch addressed the issue.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-OCT-2020
SVE-2020-50021
Weakness: Out-of-bounds
access vulnerabilities exist in V8.
Patch information: The
official patch addressed the issue.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50128
Weakness: A vulnerability on
JS API allows a attacker to read arbitrary files within the
system.
Patch information: The patch
adds proper permission check.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVE-2020-50036 ,
SVE-2020-50037
Weakness: Out-of-bounds
access vulnerabilities exist in kernel driver.
Patch information: The patch
deletes unused functions.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2020-50024
Weakness: Vulnerabilities
allow unauthorized users to control the application.
Patch information: The patch
adds proper check.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVP-SEP-2020
SVE-2020-50036 ,
SVE-2020-50037
Weakness: Out-of-bounds
access vulnerabilities exist in kernel driver.
Patch information: The patch
deletes unused functions.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVE-2020-50024
Weakness: Vulnerabilities
allow unauthorized users to control the application.
Patch information: The patch
adds proper check.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-JULY-2020
SVE-2020-50021
Weakness: Out-of-bounds
access vulnerabilities exist in V8.
Patch information: The
official patch addressed the issue.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC), 18 year models (T-KTM2AKUC,
T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC,
T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC,
T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50078 ,
SVE-2019-50085 ,
SVE-2019-50086
Weakness: Possible heap
overflow vulnerabilities exist in the drm driver.
Patch information: The patch
adds the proper validation of the parameter.
Update Models: 20 year
models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC,
T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC,
T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC,
T-KTSU2FDEUC, T-KTSU2FUABC), 18 year models (T-KTM2AKUC,
T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC,
T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC,
T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50109
Weakness: A possible memory
leak vulnerability exists in FreeRDP.
Patch information: Official
patches will be applied.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50128
Weakness: A vulnerability on
JS API allows a attacker to read arbitrary files within the
system.
Patch information: The patch
adds proper permission check.
Update Models: 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVP-MAR-2020
SVE-2018-50072
Weakness: Double free
vulnerability exists in Linux Kernel.
Patch information: Official
patches have applied .
Update Models: 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVP-FEB-2020
SVE-2019-50052 ,
SVE-2019-50055
Weakness: Type confusion
vulnerabilities exist in V8.
Patch information: Official
patches have applied.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50054
Weakness: An improper
verification of return value in V8 could lead to object
corruption.
Patch information: Official
patches have applied.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50057 ,
SVE-2019-50061
Weakness: Integer overflow
vulnerabilities exist in V8.
Patch information: Official
patches have applied.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50058 ,
SVE-2019-50059 ,
SVE-2019-50060
Weakness: Out-of-bounds
access vulnerabilities exist in V8.
Patch information: Official
patches have applied.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50070
Weakness: Type confusion
vulnerabilities exist in V8.
Patch information: Official
patches have applied.
Update Models: 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVP-DEC-2019
SVE-2019-50017
Weakness: Insufficient
permission check in SDB allows unauthorized users to get
application`s information.
Patch information:
Permission check logic for debug commands has improved.
Update Models: 15 year
models (T-HKPAKUC, T-HKMFAKUC, T-HKPDEUC, T-HKMFDEUC,
T-HKPUABC, T-HKMFUABC, T-HKPDCNC, T-HKMAKUC, T-HKM6AKUC,
T-HKMDEUC, T-HKM6DEUC, T-HKMUABC, T-HKM6UABC, T-HKMDCNC,
T-HKM6DCNC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC, T-HKMDEUC,
T-HKM6DEUC, T-HKMFDEUC)
SVE-2018-50072
Weakness: Double free
vulnerability exists in Linux Kernel.
Patch information: Official
patches have applied.
Update Models: 15 year
models (T-HKPAKUC, T-HKMFAKUC, T-HKPDEUC, T-HKMFDEUC,
T-HKPUABC, T-HKMFUABC, T-HKPDCNC, T-HKMAKUC, T-HKM6AKUC,
T-HKMDEUC, T-HKM6DEUC, T-HKMUABC, T-HKM6UABC, T-HKMDCNC,
T-HKM6DCNC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC, T-HKMDEUC,
T-HKM6DEUC, T-HKMFDEUC)
SVP-NOV-2019
SVE-2017-50246
Weakness: Ginga-NCL
application with malicious Lua code allow remote code
execution.
Patch information: The patch
prevents lua bytecode execution.
Update Models: 18 year
models only ISDB (T-KTM2UABC, T-KTM2LUABC, T-KTSUUABC,
T-KTSNUABC), 17 year models only ISDB (T-KTMUABC, T-KTSUABC)
SVE-2019-50032
Weakness: Use-After-Free
vulnerability exists in Linux kernel.
Patch information: Official
patches have applied.
Update Models: 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2019-50020
Weakness: Integer overflow
vulnerability in SQLite could allow remote attackers to
execute arbitrary code.
Patch information: Official
patches have applied.
Update Models: 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2019-50070
Weakness: Type confusion in
V8.
Patch information: Official
patches have applied.
Update Models: 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2019-50017
Weakness: Insufficient
permission check in SDB allows unauthorized users to get
application`s information.
Patch information:
Permission check logic for debug commands has improved.
Update Models: 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVP-SEP-2019
SVE-2019-50017
Weakness: Insufficient
permission check in SDB allows unauthorized users to get
application`s information.
Patch information:
Permission check logic for debug commands has improved.
Update Models: 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVP-AUG-2019
SVE-2019-50019
Weakness: Type confusion
vulnerability in V8 could allow a remote attacker to
potentially exploit heap corruption.
Patch information: Official
patches have applied
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50020
Weakness: Integer overflow
vulnerability in SQLite could allow remote attackers to
execute arbitrary code.
Patch information: Official
patches have applied
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50027
Weakness: Use-After-Free
vulnerability in FileReader could allow a remote attacker to
potentially perform out of bounds memory access.
Patch information: Official
patches have applied
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50032
Weakness: Use-After-Free
vulnerability exists in Linux kernel.
Patch information: Official
patches have applied
Update Models: 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVP-JUNE-2019
SVE-2019-50022
Weakness: A possible Integer
Truncation in FreeRDP could lead to a Heap-Based Buffer
Overflow.
Patch information: The
official patch addressed the issue.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50023
Weakness: A possible Integer
Overflow in FreeRDP could lead to a Heap-Based Buffer
Overflow.
Patch information: The
official patch addressed the issue.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50024
Weakness: A possible several
Out-Of-Bounds Read vulnerabilities in FreeRDP NTLM
Authentication module.
Patch information: The
official patch addressed the issue.
Update Models: 19 year
models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC,
T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50017
Weakness: Insufficient
permission check in SDB allows unauthorized users to get
application`s information.
Patch information:
Permission check logic for debug commands has improved.
Update Models: 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVP-MAY-2019
SVE-2019-50022
Weakness: Symlink race
vulnerability on auto start script could lead to privilege
escalation.
Patch information: The patch
add proper validation logic for file type.
Update Models: 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVP-DEC-2018
SVE-2018-50056
Weakness: Malicious cloud
apps could be launched through Smartview websocket API.
Patch information: The patch
removes unused code.
Update Models: 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC ), 17 year models (T-KTMAKUC,
T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC,
T-KTSUABC, T-KTSDCNC)
SVE-2018-50036
Weakness: Use-after-free
vulnerability exist in webkit.
Patch information: The
official patch addressed the issue.
Update Models: 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC), 17 year models (T-KTMAKUC,
T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC,
T-KTSUABC, T-KTSDCNC)
SVE-2018-50072
Weakness: Double-free
vulnerability exist in Linux kernel.
Patch information: The
official patch addressed the issue.
Update Models: 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC), 17 year models (T-KTMAKUC,
T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC,
T-KTSUABC, T-KTSDCNC)
SVP-OCT-2018
SVE-2018-50016
Weakness: A possible command
Injection vulnerability exists on sdbd.
Patch information: The patch
adds the proper validation logic.
Update Models: 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVE-2018-50017 ,
SVE-2018-50019
Weakness: A possible buffer
overflow and memory leak vulnerabilities exist on sdbd.
Patch information: The patch
adds proper validation logic and pointer handling.
Update Models: 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVE-2018-50027 ,
SVE-2018-50028 ,
SVE-2018-50032
Weakness: A possible remote
control attack when a desktop or mobile device in the same
network with TV accesses a malicious phishing site.
Patch information: The patch
enhances the CORS rule and adds authentication and encryption
on remote control API.
Update Models: 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2016-50069 ,
SVE-2017-50272
Weakness: Improper
permission for files within USB driver could lead to
privilege escalation.
Patch information: The patch
adds several options when mounting usb driver.
Update Models: 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2017-50219
Weakness: Command injection
when calling the dbus method could cause privilege
escalation.
Patch information: The patch
adds the proper validation logic.
Update Models: 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVP-SEP-2018
SVE-2016-50069 ,
SVE-2017-50272
Weakness : Improper
permission for files within USB driver could lead to
privilege escalation.
Patch information : The
patch adds several options when mounting usb driver.
Update Models: 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50219
Weakness : Command injection
when calling the dbus method could cause privilege
escalation.
Patch information : The
patch adds the proper validation logic.
Update Models: 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50075 ,
SVE-2017-50281 ,
SVE-2017-50282
Weakness : Malicious cloud
apps could be launched through Smartview API
Patch information : The
patch adds proper validation logic
Update Models: 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50116
Weakness : A vulnerability
on webkit can lead to memory corruption.
Patch information : The
patch adds exception handling.
Update Models : 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50163
Weakness : XML External
Entity Injection on a web application.
Patch information : The
patch disables the external entity.
Update Models : 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50136
Weakness : A vulnerability
in tzdemuxerservice caused memory corruption in TrustZone.
Patch information : The
patch adds the proper validation of the parameter.
Update Models : 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50257
Weakness : Unauthorized
contents can be played in a special case.
Patch information : The
patch adds proper session management.
Update Models : 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2018-50043
Weakness : The privacy issue
of the Login with Facebook.
Patch information : The
patch remove the 'Login with Facebook' function.
Update Models : 16 year
models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC,
T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC,
T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVP-AUG-2018
SVE-2018-50027 ,
SVE-2018-50028 ,
SVE-2018-50032
Weakness : A possible remote
control attack when a desktop or mobile device in the same
network with TV accesses a malicious phishing site.
Patch information : The
patch enhances the CORS rule and adds authentication and
encryption on remote control API.
Update Models : 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC)
SVE-2018-50043
Weakness : The privacy issue
of the Login with Facebook.
Patch information : The
patch remove the 'Login with Facebook' function.
Update Models : 18 year
models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC,
T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC,
T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC,
T-KTSNDEUC, T-KTSNUABC), 17 year products (T-KTMAKUC,
T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC,
T-KTSUABC, T-KTSDCNC)
SVE-2017-50163
Weakness : XML External
Entity Injection on a web application could allow a attacker
to read arbitrary files within the system.
Patch information : The
patch disables the external entity.
Update Models : 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2017-50136
Weakness : A vulnerability
in tzdemuxerservice could cause memory corruption in
TrustZone.
Patch information : The
patch adds the proper validation of the parameter.
Update Models : 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVP-MAR-2018
SVE-2017-50250
Weakness : A possible replay
attack on a WPA2-enabled network.
Patch information : The
official patch addressed the issue.
Update Models : 17 year
models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC,
T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)