CVE-2020-35548 in Mobile Deviceinfo

Summary

by MITRE • 12/18/2020

An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020).

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 07/05/2026

This vulnerability exists within the Finder application component of Samsung mobile devices running Android Q version 10.0 operating system. The issue stems from an improper handling of content provider calls where the application attempts to access a provider that does not exist within the system's content provider registry. This flaw represents a classic example of improper input validation and resource management that can be exploited by malicious actors to disrupt normal device operations.

The technical implementation of this vulnerability occurs when the Finder application makes a call to a content provider using a URI scheme that references a non-existent provider component. This type of error condition typically arises from hardcoded provider URIs or improper dynamic provider resolution mechanisms within the application's codebase. When the system attempts to resolve this reference, it fails to properly handle the missing provider exception, leading to an application crash or system-level denial of service condition. The vulnerability aligns with CWE-471 which addresses the issue of using an incorrect object in a method call, and potentially CWE-665 which deals with improper initialization of resources.

The operational impact of this vulnerability is significant as it allows remote attackers to perform denial of service attacks against Samsung devices without requiring any special privileges or user interaction. An attacker could craft a malicious payload that triggers the vulnerable code path within Finder, causing the application to crash repeatedly or consume excessive system resources. This disruption affects not only the Finder functionality but may also impact other system services that depend on proper content provider resolution mechanisms. The vulnerability specifically targets devices running Android Q 10.0 which represents a substantial user base given the widespread adoption of this operating system version in Samsung's flagship devices.

From a threat modeling perspective, this vulnerability demonstrates how seemingly minor implementation flaws in core system applications can be leveraged for impactful attacks. The attack surface is relatively broad since Finder is a frequently used application and the denial of service condition affects core device functionality. Security researchers have identified this issue as part of the broader category of mobile application stability vulnerabilities that can be exploited through content provider manipulation techniques. The vulnerability does not appear to provide direct access to sensitive data or system privileges, but rather focuses on availability disruption which still represents a serious security concern for end users.

Samsung's response to this vulnerability included issuing a security patch through their regular update cycle, addressing the root cause by implementing proper exception handling for content provider calls and ensuring that all provider references are validated before execution. The fix typically involves adding proper error checking mechanisms around content provider access points and implementing graceful degradation when providers are unavailable. Organizations should ensure timely deployment of these patches to protect their Samsung device fleets from exploitation attempts. The vulnerability serves as a reminder of the importance of robust input validation and proper error handling in mobile application development, particularly for system-level components that interact with Android's content provider framework. This case study illustrates how adherence to secure coding practices and proper resource management can prevent such denial of service conditions from being exploited in real-world scenarios.

Sources

Want to know what is going to be exploited?

We predict KEV entries!