Description
Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.
Published: 2026-06-05
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is caused by improper input validation in the Samsung Android USB Driver for Windows before version 1.9.5.0. An attacker who can supply crafted input to the driver can cause the driver to read or otherwise access memory beyond the intended bounds, potentially leading to memory corruption, application or driver crashes, and possibly escalation of privileges if the driver runs with high privileges. The weakness is a classic input validation flaw that can result in out‑of‑bounds memory access.

Affected Systems

On Windows systems that have the Samsung Android USB Driver for Windows installed, any version earlier than 1.9.5.0 is vulnerable. The driver is used to connect Samsung Android devices via USB, and administrators should verify which installed version is present on each workstation or server.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting a limited but non‑negligible risk of exploitation. The attack vector is local: an attacker must be able to run code on the affected machine to supply the malicious data. Without a verified exploit or documented impact beyond corruption, the likelihood of successful exploitation remains uncertain, but because the driver often runs with elevated privileges, the potential impact should not be ignored.

Generated by OpenCVE AI on June 5, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Samsung Android USB Driver to version 1.9.5.0 or later, which resolves the input validation flaw
  • If an update is not immediately available, restrict physical access to the device or remove the USB driver from systems that do not require it
  • Monitor for any anomalous activity or crashes that could indicate exploitation of the memory corruption vulnerability


Advisories

No advisories yet.

History

Sun, 07 Jun 2026 11:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Samsung Mobile; Samsung Mobile android Usb Driver For Windows |
| Vendors & Products | | Samsung Mobile; Samsung Mobile android Usb Driver For Windows |

Fri, 05 Jun 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |

Fri, 05 Jun 2026 11:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Out‑of‑Bounds Memory Access in Samsung Android USB Driver for Windows |
| Weaknesses | | CWE-122; CWE-20 |

Fri, 05 Jun 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory. |
| References | | |
| Metrics | | cvssV4_0: {'score': 5.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N'} |

MITRE

Status: PUBLISHED

Assigner: SamsungMobile

Published:

Updated: 2026-06-05T19:07:05.482Z

Reserved: 2025-12-11T01:33:35.806Z

Link: CVE-2026-21038

Vulnrichment

Updated: 2026-06-05T19:06:59.671Z

NVD

Status: Awaiting Analysis

Published: 2026-06-05T11:16:36.553

Modified: 2026-06-05T14:59:51.620

Link: CVE-2026-21038

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-07T11:17:16Z

Weaknesses

  • CWE-122: Heap-based Buffer Overflow
  • CWE-20: Improper Input Validation