WARNING: PRIVILEGE ESCALATION IN SEVERAL SAMSUNG PROCESSORS
Référence:
Advisory #2024-249
Version:
1.0
Logiciels concernés :
m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920
Type:
Use-After-Free leading to Privilege Escalation
CVE/CVSS:
CVE-2024-44068 :CVSS 8.1(CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Date:
24/10/2024
Sources
https://nvd.nist.gov/vuln/detail/CVE-2024-44068
Risques
A high Use-After-Free vulnerability has been disclosed in the a driver of several Samsung mobile processors. Exploiting this vulnerability can lead to privilege escalation and lets an attacker run arbitrary code with elevated privileges. It has been reported being actively exploited as a zero day by Google and it has a high impact on confidentiality, integrity and available.
Description
CVE-2024-44068
This high Use-After-Free vulnerability, with a CVSS score of 8.1, affects the m2m scaler driver of multiple Samsung mobile processors, including Exynos 9820, 9825, 980, 990, 850, W920. This driver provides hardware acceleration for several media functions. A successful exploit will result in execution of arbitrary code with elevated privileges. This vulnerability was reported actively exploited by Google as part of an exploit chain.
Actions recommandées
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. The patch was released with the Samsung security patches of October SMR-Oct-2024.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.