Hi,
I’m sorry for my ignorance, but in October 2024 a new security bug was found on some Exynos processors, as described in CVE-2024-44068. (S10* are concerned)
It seems that Samsung is about to deliver a patch.
Is there any chance to get it in /e/OS? (And how? (not when))
I beg your pardon if the answer is obvious for you.
I lack culture in the mobile world. I don’t know how to interpret this:
« Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung’s October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device. »
and
« The bug exists in the memory management and how the device driver sets up the page mapping, according to Lecigene, a member of Google’s Threat Analysis Group, and Jin, a Google Devices and Services Security researcher who is credited with spotting the flaw and reporting it to Samsung. »
So it won’t be fixed by Google; it may already be fixed by Samsung in the ‘drivers’?
AOSP, drivers, firmware… it’s like black magic for me (Halloween score!)
So if not in that page it may be part of a Samsung firmware revision.
You might check with a Samsung support channel to get accurate information on how it will be released to devices running Google Android; then it may become clearer how it gets adopted by AOSP. (This is only a partial explanation, as I have not researched it at all.)
The firmware revision which contains the fix will have a date at which it was applied for each device.
This date, which is effectively the “Vendor security patch level”, can be useful when researching when it appears in AOSP. (Your quotes could be the basis for such tracking.)
In due course one could tell that the patch has been applied to a user’s device if the date shows on the device as:
Settings > About phone > Android version > Tap on /e/ OS version > Vendor Security patch level.
@0xFAb a possible next step is to search through the latest updates from one of these sources
For most sources, one needs to search by model in the format SM-G973F and region. I say region; you will probably need to start from your country, but it may not be found, as the designation is complicated by the CSC, explained in 600+ Samsung CSC Codes - Complete List (2024) - Technastic.
I started the search but without exact details; so far I did not find exact matches for October, which would subsequently allow searching the Samsung changelist to find CVE-2024-44068.