
Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks
A high-severity use-after-free vulnerability (CVE-2026-20971) was identified in Samsung’s KNOX security framework, affecting Android-powered Galaxy devices from the S9 through the S25. The flaw, present for eight years, exposed millions of devices to kernel-level attacks that exploit memory management errors. No specific exploitation timeline or attack instances were disclosed, but the vulnerability posed a risk of privilege escalation and system compromise. Samsung has not provided details on patch deployment or affected device counts beyond the model range. SecurityWeek reported the issue without additional technical specifics on exploit mechanisms.