Samsung has detailed the security patch for January 2019, which fixes the different level of exploits and issues within Samsung phones.
There are issues with the operating system, kernel patches, and driver updates may not affect any particular device, but need to be fixed in the Android operating system covered by monthly updates.
Samsung is releasing a maintenance release for its flagship models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung, providing fixes to provides 4 Samsung Vulnerabilities and Exposures (SVE) items including the following:
TCP SYN Packet Denial Of Service Vulnerability on the WIFI interface:
Severity – High
Vulnerability – A vulnerability in WIFI allows denial of service due to memory exhaustion from TCP SYN flooding attack.
Fix – The patch prevents memory exhaustion when TCP SYN flooding attack is detected.
Heap Overflow in Baseband (SS ASN Decoding):
Severity – Critical
Vulnerability – A possible heap overflow vulnerability in baseband allows arbitrary code execution.
Fix – The patch adds length check code in the baseband.
Captive Portal redirection vulnerability:
Severity – Moderate
Vulnerability – A vulnerability in Captive Portal allows automatic redirection to unsafe applications.
Fix – The patch blocks handling of custom scheme in Captive Portal to prevent automatic redirection.