Samsung's Exynos Processors Vulnerable to Privilege Escalation Due to Use-After-Free Bug
CVE-2024-44068

Currently unrated

Key Information:

Vendor: Samsung
CVE Published: 7 October 2024

Badges

💰 Ransomware | 👾 Exploit Exists | 📰 News Worthy

Summary

A zero-day vulnerability in Samsung's mobile processors, tracked as CVE-2024-44068, has been exploited in the wild to execute arbitrary code. The vulnerability, which has a CVSS score of 8.1, is a use-after-free bug in the m2m scaler driver that allows privilege escalation on vulnerable Android devices. The bug is used as part of an exploit chain, and the in-the-wild exploit was observed by Google's Threat Analysis Group, so affected devices face a significant risk. The observed exploitation ran in the privileged cameraserver process and used a Kernel Space Mirroring Attack to bypass Android kernel isolation protections. Samsung has released a patch as part of its October 2024 security updates.

News Articles

Samsung’s Impossible Deadline—You Have 24 Hours To Update Your Phone

Samsung Galaxy owners have a serious new problem—here’s what you need to do.

3 months ago

Vulnerability Recap 10/28/24: Cisco, Fortinet, VMware

This week’s security vulnerabilities include a couple of Cisco flaws and a Fortinet issue that took a while to be announced.

3 months ago

Samsung phone users exposed to EoP attacks, Google warns

A nasty bug in Samsung's mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security...

3 months ago

Timeline

  • 💰 Used in Ransomware
  • 👾 Exploit known to exist
  • 📰 First article discovered by SecurityWeek
  • Vulnerability published
