CVE-2024-44068

8.1 HIGH

📋 TL;DR

A use-after-free vulnerability in the m2m scaler driver of Samsung Exynos mobile and wearable processors allows local attackers to escalate privileges. This affects devices using Exynos 9820, 9825, 980, 990, 850, and W920 chipsets. Attackers could gain kernel-level access from a compromised user application.

💻 Affected Systems

Products:
  • Samsung Mobile Processor Exynos 9820
  • Samsung Mobile Processor Exynos 9825
  • Samsung Mobile Processor Exynos 980
  • Samsung Mobile Processor Exynos 990
  • Samsung Mobile Processor Exynos 850
  • Samsung Wearable Processor Exynos W920
Versions: All versions prior to patch
Operating Systems: Android-based systems using affected chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using these specific Samsung Exynos processors. The vulnerability is in the kernel driver, so all Android versions using these chips are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise with kernel-level code execution, allowing complete control over the device, data theft, and persistence.

🟠 Likely Case

Privilege escalation from a compromised app to kernel privileges, enabling further attacks like credential theft or installing malware.

🟢 If Mitigated

Limited impact if proper kernel hardening and exploit mitigations are in place, though kernel compromise remains possible.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring initial access to the device.
🏢 Internal Only: HIGH - Once an attacker gains initial access to a device, this vulnerability enables significant privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to execute code. Use-after-free vulnerabilities in kernel drivers typically require some exploit development skill but are frequently targeted.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Specific patch versions depend on device manufacturer implementations

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-44068/

Restart Required: Yes

Instructions:

1. Check for security updates from your device manufacturer.
2. Apply the latest firmware/security patch.
3. Reboot the device after installation.

🔧 Temporary Workarounds

No known effective workarounds

This is a kernel driver vulnerability that requires patching at the firmware level.

🧯 If You Can't Patch

  • Restrict physical and network access to affected devices
  • Implement application allowlisting to prevent malicious apps from gaining initial access

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Exynos 9820, 9825, 980, 990, 850, or W920 processor. Check kernel version against manufacturer's patched versions.

Check Version:

On Android: Settings > About Phone > Software Information shows the installed software and kernel version; 'adb shell getprop ro.boot.hardware' reports the hardware platform (chipset).

Verify Fix Applied:

Verify the device has received the latest security updates from the manufacturer and check the kernel version matches patched releases.
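
The chipset and patch check described above, as an added example that is not part of the original page or any vendor tooling: it classifies two getprop values read over ADB. It assumes ro.boot.hardware has the form exynos<model>, uses ro.build.version.security_patch as the fix marker, and takes the fixed patch level from the caller (the date in the sample is a constructed placeholder).

```shell
#!/bin/sh
# Added example (not vendor code). Chipset list comes from this page; the
# "exynos<model>" form of ro.boot.hardware and the use of the security
# patch level as the fix marker are assumptions.
AFFECTED_MODELS="9820 9825 980 990 850 w920"

# Normalise a getprop value: lower-case, drop whitespace and the CR that
# adb shell output can carry.
clean() { printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d '[:space:]'; }

# Exit 0 if the hardware string names a listed chipset. Exact match on the
# model, so "exynos9800" is not mistaken for the Exynos 980.
is_affected_soc() {
    hw=$(clean "$1")
    case "$hw" in
        exynos*) model=${hw#exynos} ;;
        *) return 1 ;;
    esac
    for m in $AFFECTED_MODELS; do
        if [ "$model" = "$m" ]; then return 0; fi
    done
    return 1
}

# Exit 0 only for a well-formed YYYY-MM-DD string.
is_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# assess <ro.boot.hardware> <ro.build.version.security_patch> <fixed-level>
# Prints: not-listed | unknown-patch-level | needs-update | patched
assess() {
    if ! is_affected_soc "$1"; then echo "not-listed"; return 0; fi
    have=$(clean "$2"); want=$(clean "$3")
    if ! is_date "$have" || ! is_date "$want"; then
        echo "unknown-patch-level"; return 0
    fi
    if [ "$(printf '%s' "$have" | tr -d '-')" -ge "$(printf '%s' "$want" | tr -d '-')" ]; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Constructed sample values; FIXED is a placeholder, not the real fix date.
FIXED="2099-01-01"
assess "$(printf 'exynos9820\r\n')" "2024-01-01" "$FIXED"   # needs-update
```

A result of not-listed only means the hardware string did not match the list; confirm the chipset against the device specifications before treating the device as unaffected.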

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected privilege escalation attempts
  • Suspicious kernel module loading

Network Indicators:

  • Unusual outbound connections from privileged processes

SIEM Query:

Look for kernel crash reports or privilege escalation patterns in system logs
