CVE-2024-44068
Published 2024-10-07
CVE-2024-44068: An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A Use-After-Free…
Priority: P276 · high · 8.1 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 1.04% (59.6th percentile)
An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A Use-After-Free in the mobile processor leads to privilege escalation.
CVSS provenance
nvd · v3.1 · 8.1 HIGH · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 8.1 HIGH
GHSA
GHSA-frrh-j3wr-gprp: An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920
ghsa_unreviewed·2024-10-07
CVE-2024-44068 [HIGH] CWE-416 GHSA-frrh-j3wr-gprp: An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920
VulnCheck
Samsung Mobile Processor and Wearable Processor Exynos m2m Scaler Driver Vulnerability
vulncheck·2024·CVSS 8.1
CVE-2024-44068 [HIGH] Samsung Mobile Processor and Wearable Processor Exynos m2m Scaler Driver Vulnerability
Affected: Samsung Mobile Processor and Wearable Processor Exynos
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2024/CVE-2024-44068.html; https://x.com/1ce0ear/status/1847011128846741572; https://360.net/re
Project0
Project Zero RCA: CVE-2024-44068: Samsung m2m1shot_scaler0 device driver page use-after-free in Android
project_zero·CVSS 8.1
CVE-2024-44068 [HIGH] Project Zero RCA: CVE-2024-44068: Samsung m2m1shot_scaler0 device driver page use-after-free in Android
# CVE-2024-44068: Samsung m2m1shot_scaler0 device driver page use-after-free in Android
- Xingyu Jin, Google Devices & Services Security Research
- Clement Lecigne, Google Threat Analysis Group
## The Basics
**Disclosure or Patch Date:** Oct 07, 2024
**Product:** Samsung Android
**Advisory:** https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-44068/
**Affected Versions:** Samsung Exynos (9820, 9825, 980, 990, 850, W920), pre SMR-Oct-2024
**First Patched Version:** SMR-Oct-2024
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Xingyu Jin and Clement Lecigne
## The Code
**Proof-of-concept:** N/A
**Exploit sample:** N/A
**Did you have access to the exploit sample when doing the analysis?** Yes
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.