Security Updates
Samsung Visual Display is releasing Security Vulnerability Patch (SVP).
Note: If your TV uses the default update settings, the latest firmware will have been automatically installed.
Also, you can download new version of firmware on https://www.samsung.com.
How to check update setting: [Menu] -> [Support] ->[Software Update] -> Auto Update=ON.
How to check Software Name: [Menu] -> [Support] ->[About This TV].
Delivery time of security patches may vary depending on the regions and models.
SVP-DEC-2022
SVE-2022-50125 (CVE-2022-44636)
Weakness : Smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button.
Patch information : The patch blocks information transfer without button input.
Update Models: 21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
SVP-JUN-2022
SVE-2021-50009
Weakness : webapis issue for subtitle engine
Patch information: The patch removes vulnerable function.
Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
22 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-PTMAKUC, T-PTMDEUC, T-PTMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUAB)
SVP-AUG-2021
SVE-2021-50051
Weakness : patch v8 engine vulnerabilities
Patch information: The patch removes vulnerable function.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)
SVE-2021-50050
Weakness : patch driver vulnerability
Patch information: The patch adds proper check.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)
SVP-JUNE-2021
SVE-2020-50136
Weakness: Remove vulnerable fuction in nodejs.
Patch information: The patch removes vulnerable function.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
SVE-2021-50001
Weakness: buffer overflow patch on tz-playerservice.
Patch information: The patch adds proper check.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-MAR-2021
SVE-2021-50015 , SVE-2021-50016 , SVE-2021-50017
Weakness: opensource vulnerability patch.
Patch information: The official patch addressed the issue.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)
SVE-2020-50175
Weakness: Remove vulnerable TVkey code.
Patch information: The patch removes vulnerable code.
Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
21 year models (T-OSCPAKUC, T-OSCPDEUC, T-OSCPUABC, T-NKM2AKUC, T-NKM2DEUC, T-NKM2UABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KSU2EAKUC, T-KSU2EDEUC, T-KSU2EUABC)
SVP-DEC-2020
SVE-2020-50168 , SVE-2020-50169
Weakness: Type confusion vulnerabilities exist in V8.
Patch information: The official patch addressed the issue.
Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-OCT-2020
SVE-2020-50021
Weakness: Out-of-bounds access vulnerabilities exist in V8.
Patch information: The official patch addressed the issue.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50128
Weakness: A vulnerability on JS API allows a attacker to read arbitrary files within the system.
Patch information: The patch adds proper permission check.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2020-50036 , SVE-2020-50037
Weakness: Out-of-bounds access vulnerabilities exist in kernel driver.
Patch information: The patch deletes unused functions.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2020-50024
Weakness: Vulnerabilities allow unauthorized users to control the application.
Patch information: The patch adds proper check.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVP-SEP-2020
SVE-2020-50036 , SVE-2020-50037
Weakness: Out-of-bounds access vulnerabilities exist in kernel driver.
Patch information: The patch deletes unused functions.
Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
SVE-2020-50024
Weakness: Vulnerabilities allow unauthorized users to control the application.
Patch information: The patch adds proper check.
Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC)
SVP-JULY-2020
SVE-2020-50021
Weakness: Out-of-bounds access vulnerabilities exist in V8.
Patch information: The official patch addressed the issue.
Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50078 , SVE-2019-50085 , SVE-2019-50086
Weakness: Possible heap overflow vulnerabilities exist in the drm driver.
Patch information: The patch adds the proper validation of the parameter.
Update Models: 20 year models (T-NKMAKUC, T-NKMDEUC, T-NKMUABC, T-NKLAKUC, T-NKLDEUC, T-NKLUABC, T-KTS2AKUC, T-KTS2DEUC, T-KTS2UABC, T-KTSU2AKUC, T-KTSU2DEUC, T-KTSU2UABC, T-KTSU2FAKUC, T-KTSU2FDEUC, T-KTSU2FUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50109
Weakness: A possible memory leak vulnerability exists in FreeRDP.
Patch information: Official patches will be applied.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50128
Weakness: A vulnerability on JS API allows a attacker to read arbitrary files within the system.
Patch information: The patch adds proper permission check.
Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVP-MAR-2020
SVE-2018-50072
Weakness: Double free vulnerability exists in Linux Kernel.
Patch information: Official patches have applied .
Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVP-FEB-2020
SVE-2019-50052 , SVE-2019-50055
Weakness: Type confusion vulnerabilities exist in V8.
Patch information: Official patches have applied.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50054
Weakness: An improper verification of return value in V8 could lead to object corruption.
Patch information: Official patches have applied.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50057 , SVE-2019-50061
Weakness: Integer overflow vulnerabilities exist in V8.
Patch information: Official patches have applied.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50058 , SVE-2019-50059 , SVE-2019-50060
Weakness: Out-of-bounds access vulnerabilities exist in V8.
Patch information: Official patches have applied.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50070
Weakness: Type confusion vulnerabilities exist in V8.
Patch information: Official patches have applied.
Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVP-DEC-2019
SVE-2019-50017
Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
Patch information: Permission check logic for debug commands has improved.
Update Models: 15 year models (T-HKPAKUC, T-HKMFAKUC, T-HKPDEUC, T-HKMFDEUC, T-HKPUABC, T-HKMFUABC, T-HKPDCNC, T-HKMAKUC, T-HKM6AKUC, T-HKMDEUC, T-HKM6DEUC, T-HKMUABC, T-HKM6UABC, T-HKMDCNC, T-HKM6DCNC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC)
SVE-2018-50072
Weakness: Double free vulnerability exists in Linux Kernel.
Patch information: Official patches have applied.
Update Models: 15 year models (T-HKPAKUC, T-HKMFAKUC, T-HKPDEUC, T-HKMFDEUC, T-HKPUABC, T-HKMFUABC, T-HKPDCNC, T-HKMAKUC, T-HKM6AKUC, T-HKMDEUC, T-HKM6DEUC, T-HKMUABC, T-HKM6UABC, T-HKMDCNC, T-HKM6DCNC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC, T-HKMDEUC, T-HKM6DEUC, T-HKMFDEUC)
SVP-NOV-2019
SVE-2017-50246
Weakness: Ginga-NCL application with malicious Lua code allow remote code execution.
Patch information: The patch prevents lua bytecode execution.
Update Models: 18 year models only ISDB (T-KTM2UABC, T-KTM2LUABC, T-KTSUUABC, T-KTSNUABC), 17 year models only ISDB (T-KTMUABC, T-KTSUABC)
SVE-2019-50032
Weakness: Use-After-Free vulnerability exists in Linux kernel.
Patch information: Official patches have applied.
Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2019-50020
Weakness: Integer overflow vulnerability in SQLite could allow remote attackers to execute arbitrary code.
Patch information: Official patches have applied.
Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2019-50070
Weakness: Type confusion in V8.
Patch information: Official patches have applied.
Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2019-50017
Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
Patch information: Permission check logic for debug commands has improved.
Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVP-SEP-2019
SVE-2019-50017
Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
Patch information: Permission check logic for debug commands has improved.
Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVP-AUG-2019
SVE-2019-50019
Weakness: Type confusion vulnerability in V8 could allow a remote attacker to potentially exploit heap corruption.
Patch information: Official patches have applied
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50020
Weakness: Integer overflow vulnerability in SQLite could allow remote attackers to execute arbitrary code.
Patch information: Official patches have applied
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC), 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2019-50027
Weakness: Use-After-Free vulnerability in FileReader could allow a remote attacker to potentially perform out of bounds memory access.
Patch information: Official patches have applied
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50032
Weakness: Use-After-Free vulnerability exists in Linux kernel.
Patch information: Official patches have applied
Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVP-JUNE-2019
SVE-2019-50022
Weakness: A possible Integer Truncation in FreeRDP could lead to a Heap-Based Buffer Overflow.
Patch information: The official patch addressed the issue.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50023
Weakness: A possible Integer Overflow in FreeRDP could lead to a Heap-Based Buffer Overflow.
Patch information: The official patch addressed the issue.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50024
Weakness: A possible several Out-Of-Bounds Read vulnerabilities in FreeRDP NTLM Authentication module.
Patch information: The official patch addressed the issue.
Update Models: 19 year models (T-MSMAKUC, T-MSMDEUC, T-MSMUABC, T-MSLAKUC, T-MSLDEUC, T-MSLUABC, T-KTSRUABC, T-KTSURUABC)
SVE-2019-50017
Weakness: Insufficient permission check in SDB allows unauthorized users to get application`s information.
Patch information: Permission check logic for debug commands has improved.
Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVP-MAY-2019
SVE-2019-50022
Weakness: Symlink race vulnerability on auto start script could lead to privilege escalation.
Patch information: The patch add proper validation logic for file type.
Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVP-DEC-2018
SVE-2018-50056
Weakness: Malicious cloud apps could be launched through Smartview websocket API.
Patch information: The patch removes unused code.
Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC ), 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2018-50036
Weakness: Use-after-free vulnerability exist in webkit.
Patch information: The official patch addressed the issue.
Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC), 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2018-50072
Weakness: Double-free vulnerability exist in Linux kernel.
Patch information: The official patch addressed the issue.
Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC), 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVP-OCT-2018
SVE-2018-50016
Weakness: A possible command Injection vulnerability exists on sdbd.
Patch information: The patch adds the proper validation logic.
Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2018-50017 , SVE-2018-50019
Weakness: A possible buffer overflow and memory leak vulnerabilities exist on sdbd.
Patch information: The patch adds proper validation logic and pointer handling.
Update Models: 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2018-50027 , SVE-2018-50028 , SVE-2018-50032
Weakness: A possible remote control attack when a desktop or mobile device in the same network with TV accesses a malicious phishing site.
Patch information: The patch enhances the CORS rule and adds authentication and encryption on remote control API.
Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2016-50069 , SVE-2017-50272
Weakness: Improper permission for files within USB driver could lead to privilege escalation.
Patch information: The patch adds several options when mounting usb driver.
Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2017-50219
Weakness: Command injection when calling the dbus method could cause privilege escalation.
Patch information: The patch adds the proper validation logic.
Update Models: 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVP-SEP-2018
SVE-2016-50069 , SVE-2017-50272
Weakness : Improper permission for files within USB driver could lead to privilege escalation.
Patch information : The patch adds several options when mounting usb driver.
Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50219
Weakness : Command injection when calling the dbus method could cause privilege escalation.
Patch information : The patch adds the proper validation logic.
Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50075 , SVE-2017-50281 , SVE-2017-50282
Weakness : Malicious cloud apps could be launched through Smartview API
Patch information : The patch adds proper validation logic
Update Models: 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50116
Weakness : A vulnerability on webkit can lead to memory corruption.
Patch information : The patch adds exception handling.
Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50163
Weakness : XML External Entity Injection on a web application.
Patch information : The patch disables the external entity.
Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50136
Weakness : A vulnerability in tzdemuxerservice caused memory corruption in TrustZone.
Patch information : The patch adds the proper validation of the parameter.
Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2017-50257
Weakness : Unauthorized contents can be played in a special case.
Patch information : The patch adds proper session management.
Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVE-2018-50043
Weakness : The privacy issue of the Login with Facebook.
Patch information : The patch remove the 'Login with Facebook' function.
Update Models : 16 year models (T-JZMAKUC, T-JZMDEUC, T-JZMUABC, T-JZMDCNC, T-JZL6AKUC, T-JZL6DEUC, T-JZL6UABC, T-JZL6DCNC, T-HKMFKAKUC, T-HKMFKDEUC, T-HKMFKUABC, T-HKMFKDCNC)
SVP-AUG-2018
SVE-2018-50027 , SVE-2018-50028 , SVE-2018-50032
Weakness : A possible remote control attack when a desktop or mobile device in the same network with TV accesses a malicious phishing site.
Patch information : The patch enhances the CORS rule and adds authentication and encryption on remote control API.
Update Models : 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC)
SVE-2018-50043
Weakness : The privacy issue of the Login with Facebook.
Patch information : The patch remove the 'Login with Facebook' function.
Update Models : 18 year models (T-KTM2AKUC, T-KTM2DEUC, T-KTM2UABC, T-KTM2DCNC, T-KTM2LAKUC, T-KTM2LDEUC, T-KTM2LUABC, T-KTM2LDCNC, T-KTSUAKUC, T-KTSUDEUC, T-KTSUUABC, T-KTSUDCNC, T-KTSNAKUC, T-KTSNDEUC, T-KTSNUABC), 17 year products (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2017-50163
Weakness : XML External Entity Injection on a web application could allow a attacker to read arbitrary files within the system.
Patch information : The patch disables the external entity.
Update Models : 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVE-2017-50136
Weakness : A vulnerability in tzdemuxerservice could cause memory corruption in TrustZone.
Patch information : The patch adds the proper validation of the parameter.
Update Models : 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)
SVP-MAR-2018
SVE-2017-50250
Weakness : A possible replay attack on a WPA2-enabled network.
Patch information : The official patch addressed the issue.
Update Models : 17 year models (T-KTMAKUC, T-KTMDEUC, T-KTMUABC, T-KTMDCNC, T-KTSAKUC, T-KTSDEUC, T-KTSUABC, T-KTSDCNC)