Man
Professional
Samsung has closed a dangerous vulnerability in its devices.
Samsung has released a security update to address CVE-2024-44068, a vulnerability affecting devices based on Exynos processors. The flaw lies in the m2m1shot_scaler0 driver, which handles image and video processing tasks such as scaling and JPEG decoding.
CVE-2024-44068 (CVSS score: 8.1), discovered by Google researchers, is a memory-handling bug. Under certain conditions the driver could free memory pages and then continue to use them. The flaw allowed attackers to access freed memory and execute malicious code. The issue affected devices with Exynos 9820, 9825, 980, 990, 850 and W920 processors that had not been updated to the SMR-Oct-2024 release.
The attack exploits a use-after-free (UAF) bug, in which memory is freed but continues to be used. Exploitation relies on freed PFNMAP pages that remain bound to I/O virtual pages.
Attackers could manipulate the driver through IOCTL calls to mount a Kernel Space Mirroring Attack (KSMA). This approach made it possible to overwrite kernel page tables and perform arbitrary operations with system privileges. For example, on a Samsung Galaxy S10 (firmware G973FXXSGHWC2), the attack made it possible to modify system processes and hide malicious activity.
To carry out the attack, the attackers used the mmap and mincore system calls to detect the moment at which the memory became associated with I/O pages. At that point the attacker freed the memory, leaving the driver operating on pages that were no longer valid.
As part of the fix, Samsung revised the object reference management for PFNMAP pages to prevent reuse of freed memory. Experts recommend source-code audits and testing of every IOCTL call as key measures for preventing similar bugs in the future.
The SMR-Oct-2024 security update is available for all affected devices. Users are strongly encouraged to install it to prevent possible exploitation of the vulnerability.
Source
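The post describes the bug class (a page freed while a driver still holds a pointer to it, then reused) and Samsung's fix (tightening reference management so the page cannot be released while in use). The following is an added, self-contained C model of that pattern, not code from the Samsung driver or from the Project Zero report: the `page_obj` slab, the `job` structure and the two scenarios are constructed for illustration. A tiny fixed-size slab is used so that a freed slot is handed out again immediately and the stale pointer observably reads the next owner's data, which is exactly what makes a real UAF exploitable.

```c
#include <stdio.h>
#include <string.h>

/* Toy model (added example, not Samsung's driver code): a page object whose
 * lifetime is governed by a reference count, as a driver would manage pages it
 * has pinned for I/O. A small fixed slab makes freed slots be reused at once,
 * so a dangling pointer visibly sees the next owner's contents. */

#define SLOTS 4
#define PAGE_BYTES 64

struct page_obj {
    int refcount;          /* 0 means the slot is free and eligible for reuse */
    char data[PAGE_BYTES];
};

static struct page_obj slab[SLOTS];

/* Hand out the first free slot, filled with caller-supplied bytes. */
static struct page_obj *page_alloc(const char *fill) {
    for (int i = 0; i < SLOTS; i++) {
        if (slab[i].refcount == 0) {
            slab[i].refcount = 1;
            memset(slab[i].data, 0, PAGE_BYTES);
            strncpy(slab[i].data, fill, PAGE_BYTES - 1);
            return &slab[i];
        }
    }
    return NULL;
}

static void page_get(struct page_obj *p) { p->refcount++; }

/* Dropping the last reference returns the slot to the free pool. */
static void page_put(struct page_obj *p) {
    if (p->refcount > 0) p->refcount--;
}

/* A "job" is the driver-side record of a page it will process later
 * (the equivalent of work queued by an ioctl). */
struct job { struct page_obj *page; };

/* Vulnerable pattern: the job records the page pointer but takes no
 * reference of its own, so the user's unmap can free the page underneath it. */
static void job_start_vulnerable(struct job *j, struct page_obj *p) { j->page = p; }

/* Fixed pattern: the job holds its own reference for as long as it uses the page. */
static void job_start_fixed(struct job *j, struct page_obj *p) { page_get(p); j->page = p; }
static void job_finish_fixed(struct job *j) { page_put(j->page); j->page = NULL; }

/* The first byte the job sees when it finally runs. */
static char job_run(struct job *j) { return j->page->data[0]; }

/* Scenario: user maps page A, queues a job on it, unmaps A (driver drops its
 * reference), then maps page B. With the bug, B lands in A's slot and the job
 * processes B's data; the driver is now acting on memory the user controls. */
char scenario_vulnerable(void) {
    memset(slab, 0, sizeof slab);
    struct page_obj *a = page_alloc("AAAA");
    struct job j;
    job_start_vulnerable(&j, a);
    page_put(a);                 /* unmap: refcount 1 -> 0, slot freed */
    page_alloc("BBBB");          /* reuse: the same slot is handed out again */
    return job_run(&j);          /* stale pointer now reads 'B' */
}

char scenario_fixed(void) {
    memset(slab, 0, sizeof slab);
    struct page_obj *a = page_alloc("AAAA");
    struct job j;
    job_start_fixed(&j, a);      /* refcount 2: user mapping + queued job */
    page_put(a);                 /* unmap: refcount 1, slot still owned */
    page_alloc("BBBB");          /* goes to a different slot */
    char c = job_run(&j);        /* still 'A' */
    job_finish_fixed(&j);        /* only now is the slot actually released */
    return c;
}

int main(void) {
    printf("vulnerable job saw '%c', fixed job saw '%c'\n",
           scenario_vulnerable(), scenario_fixed());
    return 0;
}
```

The model deliberately leaves out the hardware-specific parts (PFNMAP mappings, I/O virtual addresses, page-table mirroring); what it isolates is the ordering bug the advisory describes, and why the fix is a reference-management change rather than an extra bounds check. When auditing IOCTL handlers for this class of problem, the question to ask at every point where the driver stashes a pointer to user-backed memory is whether it also holds a reference that the user's unmap path cannot drop.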