
[CIVN-2026-0336] Use after free vulnerability in Samsung KNOX security framework
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Samsung Mobile Devices running software versions prior to SMR Jan-2026 Release 1 in Android 13, 14, 15, 16
Overview
A vulnerability has been reported in Samsung's KNOX security framework, which could allow a local attacker to execute arbitrary code on the targeted system.
Target Audience:
All end-user organizations and individuals using Samsung devices with affected KNOX security framework.
Risk Assessment:
High risk of device compromise, unauthorized access, and security bypass.
Impact Assessment:
Potential for arbitrary code execution, device compromise, data theft, or unauthorized access.
Description
Samsung Knox is a security framework integrated into Samsung Galaxy devices that provides device protection and security management capabilities.
This vulnerability exists due to a Use-After-Free condition in the PROCA driver.
Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01
Vendor Information
Samsung
https://security.samsungmobile.com/
References
SecurityWeek
https://www.securityweek.com/eight-year-old-samsung-knox-flaw-exposed-millions-of-galaxy-devices-to-kernel-attacks/
CVE Name
CVE-2026-20971
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


