CVE-2024-44068

HIGH EXPLOITED IN THE WILD

Samsung Exynos 9820, 9825, 980, 990, 850, and W920 Firmware - Use-After-Free in m2m Scaler Driver

Title source: llm

Exploitation Summary

CVE-2024-44068 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).

Description

An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.

References (2)

Core 2

Core References

Vendor Advisory

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Vendor Advisory

https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-44068/

Scores

CVSS v3 8.1

EPSS 0.0072

EPSS Percentile 72.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

VulnCheck KEV 2024-10-07

InTheWild.io 2024-10-07

CWE

CWE-416

Status published

Products (6)

samsung/exynos_850_firmware

samsung/exynos_980_firmware

samsung/exynos_9820_firmware

samsung/exynos_9825_firmware

samsung/exynos_990_firmware

samsung/exynos_w920_firmware

Published Oct 07, 2024

Tracked Since Feb 18, 2026