Samsung has just released the Security Maintenance Bulletin of January 2026. The complete package of the first security update of 2026 includes around 57 patches to fix issues related to the Android system, Samsung semiconductor issues, and Samsung Vulnerabilities and Exposures.
The Korean tech giant has already started the January 2025 security update with the One UI 8.5 beta 3 running units in eligible regions. This third beta update was released yesterday. Further non-beta devices will start getting the brand security software package soon.
The brand ends Galaxy A03 Core smartphone software support from this month. The company removed this device from the biannual security update eligible device list as per the January 2026 SMR.
January 2026 update package details
Android System Fixes
The update package for Galaxy devices contains fixes for 23 issues, of which 2 CVEs are not applicable to the Samsung devices. Below you can see 21 CVEs related to the Android system in Samsung devices.
Critical
CVE-2024-43859High
CVE-2024-43766, CVE-2025-32348, CVE-2025-48609, CVE-2025-48635, CVE-2025-54957, CVE-2026-0007, CVE-2026-0008, CVE-2026-0010, CVE-2026-0011, CVE-2025-20760, CVE-2025-20761, CVE-2025-20762, CVE-2025-20793, CVE-2025-20794, CVE-2025-20795, CVE-2025-47339, CVE-2025-47348, CVE-2025-47388, CVE-2025-47394, CVE-2025-47396Moderate
NoneAlready included in previous updates
NoneNot applicable to Samsung devices
CVE-2025-47346, CVE-2025-47395
Samsung Semiconductor Fixes
This month Samsung also includes fixes for its semiconductor-related issues. The update adds 4 patches to the Galaxy devices; these patches are listed below.
High
CVE-2025-27807, CVE-2025-49495, CVE-2025-52519, CVE-2025-53966
Samsung Vulnerabilities and Exposures Fixes
Along with Google and Samsung Semiconductor fixes, the software also brings 30 Samsung Vulnerabilities and Exposures to enhance the Samsung Galaxy devices’ security.
High
SVE-2025-1716(CVE-2026-20969)
Affected versions: Selected Android 13, 14, 15, 16 devices
Disclosure status: Privately disclosed
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
The patch adds proper input validation.SVE-2025-2103(CVE-2026-20971)
Affected versions: Android 13, 14, 15, 16
Disclosure status: Privately disclosed
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows physical attackers to potentially execute arbitrary code.
The patch removes unused code.SVE-2025-2316(CVE-2026-20973)
Affected versions: Android 13, 14, 15, 16
Disclosure status: Privately disclosed
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
The patch adds proper input validation.SVE-2025-2394(CVE-2026-20974)
Affected versions: Selected Android 13, 14, 15, 16 devices
Disclosure status: Privately disclosed
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
The patch adds proper validation logic.Moderate
SVE-2025-1183(CVE-2026-20968)
Affected versions: Android 13, 14, 15, 16
Disclosure status: Privately disclosed
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
The patch adds proper check logic.SVE-2025-1990(CVE-2026-20970)
Affected versions: Android 15, 16
Disclosure status: Privately disclosed
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
The patch adds proper access control.SVE-2025-2255(CVE-2026-20972)
Affected versions: Android 13, 14, 15, 16
Disclosure status: Privately disclosed
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
The patch adds proper permission.
Moreover, these security updates should be installed as soon as possible to avoid security flaws. However, the software update availability depends on various factors like region, models, and network carriers. We hope Samsung will soon begin the brand-new software rollout soon.
