A zero-day vulnerability, tracked as CVE-2024-44068, has been discovered in Samsung’s mobile processors and is being used in an exploit chain for arbitrary code execution.
The vulnerability was given a critical CVSS score of 8.1 out of 10 and was patched in Samsung’s October set of security fixes.
A National Institute of Standards and Technology (NIST) advisory on the bug describes it as “an issue [that] was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920.” A use-after-free bug in the mobile processor ultimately leads to privilege escalation, the agency added.
Google researcher Xingyu Jin was credited with reporting the flaw earlier this year, and Google TAG researcher Clement Lecigne warned that an exploit exists in the wild.
“This zero-day exploit is part of an EoP chain,” Jin and Lecigne noted. “The actor is able to execute arbitrary code in a privileged camera server process. The exploit also renamed the process name itself to ‘[email protected]‘, probably for anti-forensic purposes.”