CVE Tools
Back to feed
SecurityWeek ·EN-US News source ResearchGalaxy S9Galaxy S25A-series

Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks

By Kevin Townsend··3 min read
CVE Tools coverage

Researchers uncovered a long-standing high-severity vulnerability in Samsung’s KNOX kernel affecting nearly all Galaxy devices from Galaxy S9 through S25. The issue, tracked as CVE-2026-20971, can be triggered via interactions between PROCA and FIVE and may result in kernel memory corruption through a race-condition use-after-free scenario, even though exploitation is described as requiring local conditions and user interaction. Samsung addressed the problem in its January 2026 update for affected Android releases including Android 13, 14, 15, and 16, and device coverage spans both Exynos- and Qualcomm-based models; timely patching matters because mobile attacks can be leveraged for deeper compromise.