An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020).
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26602
Reference (s):
- https://security.samsungmobile.com/securityUpdate.smsb