Skip to main content

Samsung Galaxy CVE-2026-21046

| EUVDEUVD-2026-42817 HIGH
2026-07-10 mobile.security@samsung.com GHSA-g963-gfxf-m962
8.4
CVSS 4.0 · Vendor: samsung
Share

Severity by source

Vendor (samsung) PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.4 MEDIUM

Attacker needs pre-existing privileged access to reach the trustlet (PR:H) and must win a timing-dependent race (AC:H); local vector, no UI, with full C/I/A loss of the Keymaster TA.

3.1 AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (samsung).

CVSS VectorVendor: samsung

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 05:43 vuln.today

DescriptionCVE.org

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code.

AnalysisAI

Local privilege escalation to arbitrary code execution in Samsung's fabricKeymaster trustlet affects Galaxy devices running builds prior to the SMR Jul-2026 Release 1 security patch level. A local attacker who already holds privileged (root/system-level) access on the device can exploit a time-of-check-to-time-of-use race condition to run arbitrary code within the Keymaster trusted application, undermining the hardware-backed key store. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain privileged access on Galaxy device
Delivery
Invoke fabricKeymaster trustlet interface
Exploit
Race TOCTOU window on shared resource
Execution
Execute arbitrary code in Keymaster TEE
Impact
Extract or forge hardware-backed keys

Vulnerability AssessmentAI

Exploitation Exploitation requires local, on-device privileged access (PR:H) - the attacker must already run as root or an equivalently privileged Android context able to call the fabricKeymaster/Keymaster TEE interface; it cannot be triggered remotely or by an unprivileged app. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H, base 8.4) marks this as local, no user interaction, high privileges required, with high confidentiality/integrity/availability impact - a serious but not internet-exposed issue. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already gained privileged code execution on a Galaxy phone - for example via a chained kernel exploit or a malicious privileged app - repeatedly invokes the Keymaster interface while a second thread mutates a shared buffer to win the TOCTOU window in fabricKeymaster. Winning the race lets them execute code inside the trusted application, allowing extraction or forgery of hardware-backed keys and defeating KeyStore-based protections. …
Remediation Vendor-released patch: SMR Jul-2026 Release 1 - apply the Samsung July 2026 security update (or any later monthly SMR) via Settings > Software update on the device, or through enterprise MDM/Knox managed update channels; consult https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=07 for per-model availability. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Galaxy devices and identify those running security patch levels prior to SMR Jul-2026 Release 1; document risk tier based on device criticality and deployed keys. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-21046 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy