Samsung 'conducting an internal review' on Exynos kernel vulnerability

There was potentially worrying news for Samsung phone owners this weekend, as a serious kernel security vulnerability was identified in Android devices running Exynos 4210 and 4412 chips. The list of affected devices includes some of the most popular Samsung phones, like the international Galaxy S2 and Galaxy S3, and all Galaxy Note 2 models. The flaw in Samsung's kernel could give a malicious app free rein over a device's memory, allowing the app to take complete control of the phone.

We reached out to Samsung for comment, and the company has today informed us that it is "currently in the process of conducting an internal review" into the matter. That's not a whole lot of information, but it at least confirms that Samsung's aware of the issue and is looking into it.

We'll keep you apprised of any further developments. In the meantime, if you're concerned about whether your own phone could be affected by this security vulnerability, check out our full report from yesterday.

The Samsung Exynos kernel exploit - what you need to know

Alex Dobie
Executive Editor

Alex was with Android Central for over a decade, producing written and video content for the site, and served as global Executive Editor from 2016 to 2022.

  • Great. More fodder for iFanboys.
  • Isn't jailbreaking an attempt to find a vulnerability so that a user can get access to the root of the phone?
  • No. Jailbreaking is "enable unknown sources". It's called jailbreaking because it allows you to break out of the Apple App Store jail.
  • Verizon just got the FIRST S3 JellyBean update Friday.... how long before they allow this (even though a security fix) through? I'm sure we'll be last to the game again on Verizon. This is why carriers blocking or stalling updates is bad practice. It's like buying a computer from BestBuy but not getting Windows security updates or enhancements because they have to "approve" it themselves while the same computer from OfficeDepot gets immediately patched. I'm sure FCC or some other agency wouldn't allow this for computers... why do we for pocket computers (smartphones)? To make matters worse... Verizon actively tries to BLOCK users' ability to apply any fix on their own by installing a patched ROM by locking the bootloaders on their devices... no other S3 has a locked bootloader EXCEPT Verizon's.
  • While I wholeheartedly agree with you that Verizon's policies on updates and securing bootloaders are terrible, the one saving grace to all the S3 users on Big Red is that since it uses the S4 processor instead of the Exynos, this doesn't affect them.
  • Exynos Quad core is in the new Note 2 on Verizon, unlike the S3. The only updates Verizon is ever speedy about are for security, or at least in the past they were. My D1's last update was a security fix that I got pretty fast from Motorola and was cleared to update fast. The Sg3 got a fast security fix too after it came out. So hopefully they will patch security fast still, even though they are the last carrier in the world to update an OS on their phones.
  • @dcandroid From what I understand, the Verizon S3 isn't affected by this hole because it uses a Qualcomm SoC, not Exynos. Thanks to a custom ROM on the one phone we have that's on the affected list, the only device we have in our all-Samsung house that's vulnerable is our wifi Galaxy Tab 7 Plus. So, guess it's time to look into non-stock ROMs for that. I know that Android Central's editorial position is that running anything other than unrooted stock makes you more vulnerable to unspecified but very frightening malware. In this case, running stock will get you in trouble and only rooting (as the fix app temporarily does) or running a non-stock kernel and ROM will save you. None of our desktops or laptops run what they came with either, because we've upgraded our Ubuntu server many times and wiped Windows off of everything else. And that's the way it's been in our house for 10 years now. You guys would develop a nervous tic being around that much tech controlled by its owners rather than global megacorporations.