SecurityWeek ·EN-US News source ResearchGalaxy S9Galaxy S25A-series
Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks
CVE Tools coverage
Researchers uncovered a long-standing high-severity vulnerability in Samsung’s KNOX kernel affecting nearly all Galaxy devices from Galaxy S9 through S25. The issue, tracked as CVE-2026-20971, can be triggered via interactions between PROCA and FIVE and may result in kernel memory corruption through a race-condition use-after-free scenario, even though exploitation is described as requiring local conditions and user interaction. Samsung addressed the problem in its January 2026 update for affected Android releases including Android 13, 14, 15, and 16, and device coverage spans both Exynos- and Qualcomm-based models; timely patching matters because mobile attacks can be leveraged for deeper compromise.