Samsung's Exynos Processors Vulnerable to Privilege Escalation Due to Use-After-Free Bug
Key Information
- Vendor: Samsung
- CVE Published: 7 October 2024
Summary
A zero-day vulnerability in Samsung's mobile processors, tracked as CVE-2024-44068, has been exploited in the wild to execute arbitrary code. The vulnerability, which has a CVSS score of 8.1, allows privilege escalation on vulnerable Android devices by leveraging a use-after-free bug in the m2m scaler driver. The bug is part of an exploit chain, and the in-the-wild exploit was observed by Google's Threat Analysis Group, so it poses a significant risk to affected devices. Exploitation has been observed in a privileged cameraserver process through a Kernel Space Mirroring Attack, bypassing Android kernel isolation protections. Samsung has released a patch as part of its October 2024 security updates.
News Articles
Samsung’s Impossible Deadline—You Have 24 Hours To Update Your Phone
Samsung Galaxy owners have a serious new problem—here’s what you need to do.
8 hours ago
Vulnerability Recap 10/28/24: Cisco, Fortinet, VMware
This week’s security vulnerabilities include a couple of Cisco flaws and a Fortinet issue that took a while to be announced.
1 day ago
Samsung phone users exposed to EoP attacks, Google warns
A nasty bug in Samsung's mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security...
6 days ago
Timeline
- 👾 Exploit exists.
- First article discovered by SecurityWeek
- Vulnerability published.