Security Updates

• SmartTV software updates
  
  Samsung SmartTV's software update support policy is as follows.
  SmartTV(including Voice Assistance(Bixby)) is guaranteed to support and receive software updates for at least 5 years from launch of product. We will aim to provide additional support for critical updates and security patches after this period, where possible.

• Samsung Visual Display is releasing Security Vulnerability Patch (SVP).
  
  Note: If your Smart TV, Audio and Displays use the default update settings, the latest firmware will have been automatically installed. Also, you can download new version of firmware on https://www.samsung.com.
  • How to check update setting: [Menu] -> [Support] ->[Software Update] -> Auto Update=ON.
  • How to check Software Name: [Menu] -> [Support] ->[About This TV].
  • Delivery time of security patches may vary depending on the regions and models.

SVP-MAY-2025

• SVE-2025-50001(CVE-2025-4632)
  • Weakness : Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server allows attackers to write arbitrary file as system authority.
  • Patch information : The patch modifies verification logic of the input.

SVP-AUG-2024

• SVE-2024-50018(CVE-2024-7399)
  • Weakness : Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server allows attackers to write arbitrary file as system authority.
  • Patch information : The patch modifies verification logic of the input.

SVP-JUL-2024

• SVE-2024-50097
  • Weakness : Memory corruption vulnerability in chromium engine.
  • Patch information : The official patch addressed the issue.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    23 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-OSCSAKUC, T-OSCSDEUC, T-OSCSUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    24 year models (T-RSPDAKUC, T-RSPDDEUC, T-RSPDUABC, T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-OSCSAKUC, T-OSCSDEUC, T-OSCSUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-PTMLDAKUC, T-PTMLDDEUC, T-PTMLDUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)

SVP-JAN-2024

• SVE-2023-50069
  • Weakness : Insufficient validation of untrusted XML input in chromium engine.
  • Patch information : The official patch addressed the issue.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)

SVP-NOV-2023

• SVE-2022-50113
  • Weakness : Invalidation of anti theft function.
  • Patch information : The patch adds proper reset logic.
  • Update Models: 21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)

SVP-OCT-2023

• SVE-2022-50146, SVE-2022-50147, SVE-2022-50148, SVE-2022-50149, SVE-2022-50150, SVE-2022-50151, SVE-2022-50152
  • Weakness : JIT compiler bug exist in V8.
  • Patch information : The official patch addressed the issue.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)

SVP-AUG-2023

• SVE-2023-50021
  • Weakness : TV debug information leak.
  • Patch information : The patch blocks debug information.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    23 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-OSCSAKUC, T-OSCSDEUC, T-OSCSUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
  
  SVE-2023-50040
  • Weakness : Secure command leak.
  • Patch information : The patch removes secure command.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    23 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-OSCSAKUC, T-OSCSDEUC, T-OSCSUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)

SVP-DEC-2022

• SVE-2022-50125 (CVE-2022-44636)
  • Weakness : Smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button.
  • Patch information : The patch blocks information transfer without button input.
  • Update Models: 21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)

SVP-JUN-2022

• SVE-2021-50009
  • Weakness : webapis issue for subtitle engine
  • Patch information: The patch removes vulnerable function.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
    22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)

SVP-AUG-2021

• SVE-2021-50051
  • Weakness : patch v8 engine vulnerabilities
  • Patch information: The patch removes vulnerable function.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
    20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)
  
  SVE-2021-50050
  • Weakness : patch driver vulnerability
  • Patch information: The patch adds proper check.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
    20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)

SVP-JUNE-2021

• SVE-2020-50136
  • Weakness: Remove vulnerable fuction in nodejs.
  • Patch information: The patch removes vulnerable function.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
    20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
  
  SVE-2021-50001
  • Weakness: buffer overflow patch on tz-playerservice.
  • Patch information: The patch adds proper check.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
    20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)

SVP-MAR-2021

• SVE-2021-50015, SVE-2021-50016, SVE-2021-50017
  • Weakness: opensource vulnerability patch.
  • Patch information: The official patch addressed the issue.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
    20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)
  
  SVE-2020-50175
  • Weakness: Remove vulnerable TVkey code.
  • Patch information: The patch removes vulnerable code.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
    21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)

SVP-DEC-2020

• SVE-2020-50168, SVE-2020-50169
  • Weakness: Type confusion vulnerabilities exist in V8.
  • Patch information: The official patch addressed the issue.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)

SVP-OCT-2020

• SVE-2020-50021
  • Weakness: Out-of-bounds access vulnerabilities exist in V8.
  • Patch information: The official patch addressed the issue.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2019-50128
  • Weakness: A vulnerability on JS API allows a attacker to read arbitrary files within the system.
  • Patch information: The patch adds proper permission check.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2020-50036, SVE-2020-50037
  • Weakness: Out-of-bounds access vulnerabilities exist in kernel driver.
  • Patch information: The patch deletes unused functions.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
  
  SVE-2020-50024
  • Weakness: Vulnerabilities allow unauthorized users to control the application.
  • Patch information: The patch adds proper check.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  

SVP-SEP-2020

• SVE-2020-50036, SVE-2020-50037
  • Weakness: Out-of-bounds access vulnerabilities exist in kernel driver.
  • Patch information: The patch deletes unused functions.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
  
  SVE-2020-50024
  • Weakness: Vulnerabilities allow unauthorized users to control the application.
  • Patch information: The patch adds proper check.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
  
  

SVP-JULY-2020

• SVE-2020-50021
  • Weakness: Out-of-bounds access vulnerabilities exist in V8.
  • Patch information: The official patch addressed the issue.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2019-50078, SVE-2019-50085, SVE-2019-50086
  • Weakness: Possible heap overflow vulnerabilities exist in the drm driver.
  • Patch information: The patch adds the proper validation of the parameter.
  • Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2019-50109
  • Weakness: A possible memory leak vulnerability exists in FreeRDP.
  • Patch information: Official patches will be applied.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
  
  SVE-2019-50128
  • Weakness: A vulnerability on JS API allows a attacker to read arbitrary files within the system.
  • Patch information: The patch adds proper permission check.
  • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  

SVP-MAR-2020

• SVE-2018-50072
  • Weakness: Double free vulnerability exists in Linux Kernel.
  • Patch information: Official patches have applied .
  • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  

SVP-FEB-2020

• SVE-2019-50052, SVE-2019-50055
  • Weakness: Type confusion vulnerabilities exist in V8.
  • Patch information: Official patches have applied.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
  
  SVE-2019-50054
  • Weakness: An improper verification of return value in V8 could lead to object corruption.
  • Patch information: Official patches have applied.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
  
  SVE-2019-50057, SVE-2019-50061
  • Weakness: Integer overflow vulnerabilities exist in V8.
  • Patch information: Official patches have applied.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2019-50058, SVE-2019-50059, SVE-2019-50060
  • Weakness: Out-of-bounds access vulnerabilities exist in V8.
  • Patch information: Official patches have applied.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
  
  SVE-2019-50070
  • Weakness: Type confusion vulnerabilities exist in V8.
  • Patch information: Official patches have applied.
  • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  

SVP-DEC-2019

• SVE-2019-50017
  • Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
  • Patch information: Permission check logic for debug commands has improved.
  • Update Models: 15 year models (T-HKPAKUC, T-HKMFAKUC, T-HKPDEUC, T-HKMFDEUC, T-HKPUABC, T-HKMFUABC, T-HKPDCNC, T-HKMAKUC, T-HKM6AKUC, T-HKMDEUC, T-HKM6DEUC, T-HKMUABC, T-HKM6UABC, T-HKMDCNC, T-HKM6DCNC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC)
  
  SVE-2018-50072
  • Weakness: Double free vulnerability exists in Linux Kernel.
  • Patch information: Official patches have applied.
  • Update Models: 15 year models (T-HKPAKUC, T-HKMFAKUC, T-HKPDEUC, T-HKMFDEUC, T-HKPUABC, T-HKMFUABC, T-HKPDCNC, T-HKMAKUC, T-HKM6AKUC, T-HKMDEUC, T-HKM6DEUC, T-HKMUABC, T-HKM6UABC, T-HKMDCNC, T-HKM6DCNC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC)
  
  

SVP-NOV-2019

• SVE-2017-50246
  • Weakness: Ginga-NCL application with malicious Lua code allow remote code execution.
  • Patch information: The patch prevents lua bytecode execution.
  • Update Models: 18 year models only ISDB (T-KTM2UABC, T-KTM2LUABC, T-KTSUUABC, T-KTSNUABC), 17 year models only ISDB (T-KTMUABC, T-KTSUABC)
  
  SVE-2019-50032
  • Weakness: Use-After-Free vulnerability exists in Linux kernel.
  • Patch information: Official patches have applied.
  • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  SVE-2019-50020
  • Weakness: Integer overflow vulnerability in SQLite could allow remote attackers to execute arbitrary code.
  • Patch information: Official patches have applied.
  • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  SVE-2019-50070
  • Weakness: Type confusion in V8.
  • Patch information: Official patches have applied.
  • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  SVE-2019-50017
  • Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
  • Patch information: Permission check logic for debug commands has improved.
  • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  

SVP-SEP-2019

• SVE-2019-50017
  • Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
  • Patch information: Permission check logic for debug commands has improved.
  • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  

SVP-AUG-2019

• SVE-2019-50019
  • Weakness: Type confusion vulnerability in V8 could allow a remote attacker to potentially exploit heap corruption.
  • Patch information: Official patches have applied
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2019-50020
  • Weakness: Integer overflow vulnerability in SQLite could allow remote attackers to execute arbitrary code.
  • Patch information: Official patches have applied
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2019-50027
  • Weakness: Use-After-Free vulnerability in FileReader could allow a remote attacker to potentially perform out of bounds memory access.
  • Patch information: Official patches have applied
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
  
  SVE-2019-50032
  • Weakness: Use-After-Free vulnerability exists in Linux kernel.
  • Patch information: Official patches have applied
  • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  

SVP-JUNE-2019

• SVE-2019-50022
  • Weakness: A possible Integer Truncation in FreeRDP could lead to a Heap-Based Buffer Overflow.
  • Patch information: The official patch addressed the issue.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
  
  SVE-2019-50023
  • Weakness: A possible Integer Overflow in FreeRDP could lead to a Heap-Based Buffer Overflow.
  • Patch information: The official patch addressed the issue.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
  
  SVE-2019-50024
  • Weakness: A possible several Out-Of-Bounds Read vulnerabilities in FreeRDP NTLM Authentication module.
  • Patch information: The official patch addressed the issue.
  • Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
  
  SVE-2019-50017
  • Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
  • Patch information: Permission check logic for debug commands has improved.
  • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  

SVP-MAY-2019

• SVE-2019-50022
  • Weakness: Symlink race vulnerability on auto start script could lead to privilege escalation.
  • Patch information: The patch add proper validation logic for file type.
  • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  

SVP-DEC-2018

• SVE-2018-50056
  • Weakness: Malicious cloud apps could be launched through Smartview websocket API.
  • Patch information: The patch removes unused code.
  • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC ), 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  SVE-2018-50036
  • Weakness: Use-after-free vulnerability exist in webkit.
  • Patch information: The official patch addressed the issue.
  • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC), 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  SVE-2018-50072
  • Weakness: Double-free vulnerability exist in Linux kernel.
  • Patch information: The official patch addressed the issue.
  • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC), 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  

SVP-OCT-2018

• SVE-2018-50016
  • Weakness: A possible command Injection vulnerability exists on sdbd.
  • Patch information: The patch adds the proper validation logic.
  • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2018-50017, SVE-2018-50019
  • Weakness: A possible buffer overflow and memory leak vulnerabilities exist on sdbd.
  • Patch information: The patch adds proper validation logic and pointer handling.
  • Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2018-50027, SVE-2018-50028, SVE-2018-50032
  • Weakness: A possible remote control attack when a desktop or mobile device in the same network with TV accesses a malicious phishing site.
  • Patch information: The patch enhances the CORS rule and adds authentication and encryption on remote control API.
  • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  SVE-2016-50069, SVE-2017-50272
  • Weakness: Improper permission for files within USB driver could lead to privilege escalation.
  • Patch information: The patch adds several options when mounting usb driver.
  • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  SVE-2017-50219
  • Weakness: Command injection when calling the dbus method could cause privilege escalation.
  • Patch information: The patch adds the proper validation logic.
  • Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  

SVP-SEP-2018

• SVE-2016-50069, SVE-2017-50272
  • Weakness : Improper permission for files within USB driver could lead to privilege escalation.
  • Patch information : The patch adds several options when mounting usb driver.
  • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  SVE-2017-50219
  • Weakness : Command injection when calling the dbus method could cause privilege escalation.
  • Patch information : The patch adds the proper validation logic.
  • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  SVE-2017-50075, SVE-2017-50281, SVE-2017-50282
  • Weakness : Malicious cloud apps could be launched through Smartview API
  • Patch information : The patch adds proper validation logic
  • Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  SVE-2017-50116
  • Weakness : A vulnerability on webkit can lead to memory corruption.
  • Patch information : The patch adds exception handling.
  • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  SVE-2017-50163
  • Weakness : XML External Entity Injection on a web application.
  • Patch information : The patch disables the external entity.
  • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  SVE-2017-50136
  • Weakness : A vulnerability in tzdemuxerservice caused memory corruption in TrustZone.
  • Patch information : The patch adds the proper validation of the parameter.
  • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  SVE-2017-50257
  • Weakness : Unauthorized contents can be played in a special case.
  • Patch information : The patch adds proper session management.
  • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  SVE-2018-50043
  • Weakness : The privacy issue of the Login with Facebook.
  • Patch information : The patch remove the 'Login with Facebook' function.
  • Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
  
  

SVP-AUG-2018

• SVE-2018-50027, SVE-2018-50028, SVE-2018-50032
  • Weakness : A possible remote control attack when a desktop or mobile device in the same network with TV accesses a malicious phishing site.
  • Patch information : The patch enhances the CORS rule and adds authentication and encryption on remote control API.
  • Update Models : 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
  
  SVE-2018-50043
  • Weakness : The privacy issue of the Login with Facebook.
  • Patch information : The patch remove the 'Login with Facebook' function.
  • Update Models : 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC), 17 year products (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  SVE-2017-50163
  • Weakness : XML External Entity Injection on a web application could allow a attacker to read arbitrary files within the system.
  • Patch information : The patch disables the external entity.
  • Update Models : 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  SVE-2017-50136
  • Weakness : A vulnerability in tzdemuxerservice could cause memory corruption in TrustZone.
  • Patch information : The patch adds the proper validation of the parameter.
  • Update Models : 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
  
  

SVP-MAR-2018

• SVE-2017-50250
  • Weakness : A possible replay attack on a WPA2-enabled network.
  • Patch information : The official patch addressed the issue.
  • Update Models : 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)