Samsung has disclosed a critical security vulnerability (CVE-2024-44068) affecting multiple Exynos mobile processors actively exploited in the wild.
The high-severity flaw impacts several processor models, including the Exynos 9820, 9825, 980, 990, 850, and W920 series.
The vulnerability stems from a Use-After-Free condition in the m2m scaler driver, which handles hardware acceleration for media functions like JPEG decoding and image scaling.
The flaw allows attackers to execute arbitrary code with elevated privileges by exploiting how the driver manages memory mapping and page references.
National Cybersecurity Awareness Month Cyber Challenges – Test your Skills Now
When processing certain IOCTL calls through M2M1SHOT_IOC_PROCESS, the driver incorrectly handles page reference counting for PFNMAP pages, potentially leading to a situation where I/O virtual pages may map to freed physical pages.
Security researchers have confirmed that threat actors actively exploit this vulnerability as part of a broader exploit chain. The attack allows malicious applications to gain elevated privileges on affected devices, potentially compromising the entire system.
The exploit has been observed executing arbitrary code within a privileged camera server process. Attackers attempt to disguise their activities by renaming processes to appear legitimate.
Affected Devices
The vulnerability affects devices using the following Exynos processors:
- Exynos 9820
- Exynos 9825
- Exynos 980
- Exynos 990
- Exynos 850
- Exynos W920
Samsung has released security patches for its October 2024 Security Maintenance Release (SMR-Oct-2024).
The company strongly recommends all affected device users update their firmware immediately to protect against potential exploitation.
Xingyu Jin of Google discovered the vulnerability and reported it to Samsung on July 19, 2024. After developing and testing appropriate patches, Samsung publicly disclosed the vulnerability on October 7, 2024.
Security experts emphasize the importance of implementing a comprehensive vulnerability management process and maintaining up-to-date firmware on all affected devices.
Organizations are advised to deploy advanced threat detection solutions and strengthen network security controls to prevent unauthorized access attempts.
The discovery of this zero-day vulnerability highlights the ongoing challenges in mobile device security and the critical importance of prompt security updates.
Users of affected Samsung devices should check their system settings for available updates and apply them immediately.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here