Samsung has detailed the security patch for December 2018, which fixes exploits and issues within Samsung phones.
There are issues with the operating system, kernel patches, and driver updates may not affect any particular device, but need to be fixed in the Android operating system covered by monthly updates.
Samsung is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung, providing fixes to provides 40 Samsung Vulnerabilities and Exposures (SVE) items including the following:
- Improper access to Secure Folder: A vulnerability in the Secure Folder app allow access without authentication.
- Malicious permission grant by Quick Tools: A vulnerability allows location permission to bypass lock screen when using the compass function in QuickTools.
- Race condition vulnerability in g2d driver: A vulnerability in g2d driver causes use after free race condition between threads.
- Privileged code execution by Dual Messenger: A vulnerability allows installation of arbitrary Apk to invoke unauthorized activity to Dual Messenger.
- Information disclosure in the g2d_drv driver: A kernel pointer vulnerability in g2d driver allows information disclosure.
- Stack overflow in baseband: A possible stack overflow vulnerability in baseband allows arbitrary code execution.
- Heap overflow in the baseband: A possible heap overflow vulnerability in baseband may cause memory issues.
- Clipboard access in lock screen: A vulnerability allows access to clipboard information via copy & paste in the locked state.