Following the One UI 7 beta 3 release, Samsung has announced a new maintenance release for its Galaxy devices as part of its monthly security updates. The company has published details of the January 2025 security update, which includes patches from both Google and Samsung to fix various vulnerabilities and bugs affecting the Android system and One UI software.
Samsung started rolling out the January 2025 security update as well, and the update has already reached the Galaxy S24, Galaxy S24+, and the Galaxy S24 Ultra.
Samsung’s January 2025 security patch includes fixes for security vulnerabilities found across Android and security vulnerabilities found in Samsung-specific Android smartphones and tablets. According to Samsung’s new security bulletin, the January 2025 security patch includes a total of 54 security fixes.
Out of those, 32 fixes come from Google, while 22 fixes are only for Samsung devices. One fixes from Google were included in Samsung’s December 2024 security patch, while two do not apply to Samsung devices. So, those fixes weren’t contained in Samsung’s new security patch.
Five fixes from the current security patch are marked as critical, while the risk level for 24 fixes is marked as high. Samsung-specific fixes primarily address issues with Samsung’s Sound Picker, Samsung Messages, Notification Manager, and Bootloader.
Samsung will likely release the January 2025 security update for all of its high-end and most mid-range smartphones before the end of this month. Some affordable Galaxy devices may get the update this month, while devices that are not on a monthly schedule will not get the update or will only get it in the next few months.
Samsung January 2025 security update
Critical
- CVE-2024-43096, CVE-2024-43770, CVE-2024-43771, CVE-2024-49747, CVE-2024-49748
High
- CVE-2024-43077, CVE-2024-43701, CVE-2024-33056, CVE-2024-33044, CVE-2024-43052, CVE-2022-42545, CVE-2024-49732, CVE-2024-49735, CVE-2024-49737, CVE-2024-49738, CVE-2024-49744, CVE-2024-49745, CVE-2023-40108, CVE-2024-49733, CVE-2023-40132, CVE-2024-49749, CVE-2024-34722, CVE-2024-34730, CVE-2024-43095, CVE-2024-43765, CVE-2024-49742, CVE-2024-49734, CVE-2024-43763, CVE-2024-49736
Moderate
- None
Already included in previous updates
- CVE-2024-20125
Not applicable to Samsung devices
- CVE-2024-43048, CVE-2024-33063
Samsung
- SVE-2024-0274(CVE-2025-20881): Out-of-bounds write in libsthmbc.so
- SVE-2024-0308(CVE-2025-20882): Out-of-bounds write in libsthmbc.so
- SVE-2024-1217(CVE-2025-20883): Improper access control in SoundPicker
- SVE-2024-1527(CVE-2025-20884): Improper access control in Samsung Message
- SVE-2024-1828(CVE-2025-20885): Out-of-bounds write in softsim TA
- SVE-2024-1834(CVE-2025-20886): Inclusion of sensitive information in test code in softsim TA
- SVE-2024-1875(CVE-2025-20893): Improper access control in NotificationManager
- SVE-2024-2153(CVE-2025-20887): Out-of-bounds read in libsthmbc.so
- SVE-2024-2154(CVE-2025-20888): Out-of-bounds write in libsthmbc.so
- SVE-2024-2156(CVE-2025-20889): Out-of-bounds read in libsthmbc.so
- SVE-2024-2157(CVE-2025-20890): Out-of-bounds write in libsthmbc.so
- SVE-2024-2158(CVE-2025-20891): Out-of-bounds read in libsthmbc.so
- SVE-2024-2171(CVE-2025-20892): Protection Mechanism Failure in bootloader
