WARNING: PRIVILEGE ESCALATION IN SEVERAL SAMSUNG PROCESSORS

Published: 24/10/2024

Reference:
Advisory #2024-249

Version:
1.0

Affected software:
m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920

Type:
Use-After-Free leading to Privilege Escalation

CVE/CVSS:
CVE-2024-44068: CVSS 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

https://nvd.nist.gov/vuln/detail/CVE-2024-44068

Risks

A high-severity Use-After-Free vulnerability has been disclosed in a driver of several Samsung mobile processors. Exploiting this vulnerability can lead to privilege escalation and lets an attacker run arbitrary code with elevated privileges. Google has reported it as being actively exploited as a zero-day, and it has a high impact on confidentiality, integrity and availability.

Description

CVE-2024-44068
This high-severity Use-After-Free vulnerability, with a CVSS score of 8.1, affects the m2m scaler driver of multiple Samsung mobile processors, including Exynos 9820, 9825, 980, 990, 850 and W920. This driver provides hardware acceleration for several media functions. A successful exploit will result in execution of arbitrary code with elevated privileges. Google reported this vulnerability as actively exploited as part of an exploit chain.

Recommended Actions

Patch
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. The patch was released with the Samsung security patches of October (SMR-Oct-2024).
 
Monitor/Detect
 
The CCB recommends that organizations upscale their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References