Cyber Posture

CVE-2026-20971

Severity: High
Published: 09 January 2026
Modified: 15 January 2026
KEV Added: not listed
Patch: available (Samsung SMR Jan-2026 Release 1)
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.7th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-20971 is a high-severity Use After Free (CWE-416) vulnerability in the PROCA driver shipped with Samsung Android. Its CVSS v3.1 base score is 7.8 (High): local attack vector, low complexity, low privileges required, no user interaction, with high confidentiality, integrity and availability impact.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 0.7th percentile, i.e. among the CVEs least likely to show exploitation activity in the next 30 days, and it is not currently listed in the CISA KEV catalog. That low score reflects observed exploitation signals, not exploitability: a kernel use-after-free reachable from an unprivileged app is the kind of bug that gets chained for local root on mobile devices, so prioritise the patch on the CVSS vector rather than the EPSS rank.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly mitigates the Use After Free by requiring timely identification, reporting and remediation of the flaw in the PROCA driver, which in practice means deploying the Samsung SMR Jan-2026 Release 1 update.

SI-16 Memory Protection (prevent): Memory protection mechanisms such as address space layout randomization (KASLR on the kernel side) and data execution prevention raise the cost of turning a Use After Free in the PROCA driver into code execution, but they do not remove the bug; treat them as defence in depth behind SI-2, not as a substitute for it.

Vulnerability scanning (detect): Identify affected devices before a local attacker does. On Android the relevant check is the security patch level the device reports in the ro.build.version.security_patch property (for example via adb shell getprop ro.build.version.security_patch, or from an MDM inventory); a Samsung device still reporting a level before 2026-01-01 has not received SMR Jan-2026 Release 1 and should be treated as affected.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A kernel use-after-free in the PROCA driver that a low-privileged local process can trigger gives that process a memory-corruption primitive inside the kernel; turning that primitive into arbitrary kernel code execution is exactly the privilege-escalation step T1068 describes.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.

Deeper analysis

CVE-2026-20971 is a Use After Free vulnerability (CWE-416) in the PROCA driver on Samsung devices, affecting builds prior to SMR Jan-2026 Release 1. The flaw occurs when memory that has already been freed is accessed again through a stale pointer; if the freed slot has meanwhile been reallocated, the stale access reads or writes data the attacker influenced, which in a kernel driver is typically turned into memory corruption and control-flow hijack. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity and availability impact with low complexity for local exploitation.

Local attackers with low privileges, in practice code already running on the device such as a malicious or compromised app, can trigger the Use After Free in the PROCA driver and potentially execute arbitrary code in the kernel. No user interaction is required, so once an app is installed or a process is compromised the escalation step needs nothing further from the victim.
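The pattern described above, as an added example that is not Samsung's PROCA driver code: a user-space model of a CWE-416 use after free in a character-device driver, placed next to a refcounted fix. The object and field names (proca_session, proca_dev, token), the "get token" ioctl semantics and the two-slot slab are all assumptions made for illustration; the page gives no detail of the real bug.

```c
/* Added example (not Samsung's PROCA driver code; names, fields and ioctl
 * semantics are assumptions): a user-space model of a CWE-416 use after free
 * in a character-device driver next to a refcounted fix. A two-slot "slab"
 * that poisons freed objects, as SLUB poisoning does, stands in for
 * kmalloc/kfree, so the stale read returns a recognisable value instead of
 * real undefined behaviour. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0x6b   /* SLUB-style poison byte written over freed objects */
#define NSLOTS 2

struct proca_session { int refs; uint32_t token; };   /* refs: hardened version only */
static struct proca_session slab[NSLOTS];
static int slab_used[NSLOTS];

static struct proca_session *slab_alloc(void) {
    for (int i = 0; i < NSLOTS; i++)
        if (!slab_used[i]) { slab_used[i] = 1; return &slab[i]; }
    return NULL;
}
static void slab_free(struct proca_session *s) {
    slab_used[s - slab] = 0;
    memset(s, POISON, sizeof *s);   /* freed memory keeps a recognisable pattern */
}
static void slab_reset(void) { memset(slab, 0, sizeof slab); memset(slab_used, 0, sizeof slab_used); }

/* Per-device state shared by every opener; `cur` must not outlive the session. */
struct proca_dev { struct proca_session *cur; };

/* --- vulnerable pattern: release frees, but the device keeps the pointer --- */
static int vuln_open(struct proca_dev *d, uint32_t token) {
    struct proca_session *s = slab_alloc();
    if (!s) return -ENOMEM;
    s->refs = 1; s->token = token; d->cur = s;
    return 0;
}
static void vuln_release(struct proca_dev *d) { slab_free(d->cur); }  /* d->cur now dangles */
static long vuln_ioctl_get_token(struct proca_dev *d) {
    if (!d->cur) return -ENODEV;      /* never NULL after release, so this check is useless */
    return (long)d->cur->token;       /* reads freed, possibly reallocated, memory */
}

/* --- hardened pattern: unpublish under the device lock, then refcount --- */
static void sess_put(struct proca_session *s) { if (--s->refs == 0) slab_free(s); }
static int hard_open(struct proca_dev *d, uint32_t token) { return vuln_open(d, token); }
static void hard_release(struct proca_dev *d) {
    struct proca_session *s = d->cur;
    d->cur = NULL;                    /* real driver: under the dev lock */
    if (s) sess_put(s);               /* drop the opener's reference; last put frees */
}
static long hard_ioctl_get_token(struct proca_dev *d) {
    struct proca_session *s = d->cur; /* real driver: looked up under the dev lock */
    if (!s) return -ENODEV;
    s->refs++;                        /* own reference: a concurrent release cannot free s */
    long v = (long)s->token;
    sess_put(s);
    return v;
}

/* Scenario 1: a low-privileged app opens, closes, then ioctls the stale state. */
long demo_vuln_stale_read(void) {
    struct proca_dev d = {0};
    slab_reset(); vuln_open(&d, 0x1234); vuln_release(&d);
    return vuln_ioctl_get_token(&d);  /* 0x6b6b6b6b: poison read from the freed slot */
}
/* Scenario 2: the freed slot is reallocated, so the stale pointer yields
 * attacker-chosen content; with a function pointer in place of the token this
 * is the usual route from a kernel UAF to arbitrary code execution. */
long demo_vuln_slot_reuse(void) {
    struct proca_dev victim = {0}, attacker = {0};
    slab_reset(); vuln_open(&victim, 0x1234); vuln_release(&victim);
    vuln_open(&attacker, 0xdead);     /* lands in the slot victim.cur still points at */
    return vuln_ioctl_get_token(&victim);   /* 0xdead */
}
long demo_hard_live(void) {
    struct proca_dev d = {0};
    slab_reset(); hard_open(&d, 0x1234);
    return hard_ioctl_get_token(&d);  /* 0x1234 */
}
long demo_hard_after_release(void) {
    struct proca_dev d = {0};
    slab_reset(); hard_open(&d, 0x1234); hard_release(&d);
    return hard_ioctl_get_token(&d);  /* -ENODEV: nothing dangling to follow */
}

int main(void) {
    printf("vuln stale read: 0x%lx, vuln slot reuse: 0x%lx\n",
           (unsigned long)demo_vuln_stale_read(), (unsigned long)demo_vuln_slot_reuse());
    printf("hard live: 0x%lx, hard after release: %ld\n",
           (unsigned long)demo_hard_live(), demo_hard_after_release());
    return 0;
}
```

The two halves differ in one discipline: the hardened release first removes the session from the shared state and only then drops its reference, and every other path that wants the session takes its own reference before touching it. In a real driver the lookup-and-get and the unpublish both happen under the device lock (elided here), which is what closes the race between a release on one file descriptor and an ioctl on another; the poison value in scenario 1 and the attacker-controlled value in scenario 2 are what a stale pointer sees when that discipline is missing.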

Samsung's security advisory for January 2026, available at https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01, addresses the issue in the SMR Jan-2026 Release 1, recommending users apply the update to mitigate the vulnerability.

Details

CWE(s): CWE-416 Use After Free

Affected Products: Samsung Android 13.0, 14.0, 15.0, 16.0 (builds prior to SMR Jan-2026 Release 1)

CVEs Like This One

CVE-2025-20890 (same product: Samsung Android)
CVE-2025-20888 (same product: Samsung Android)
CVE-2025-20882 (same product: Samsung Android)
CVE-2026-20979 (same product: Samsung Android)
CVE-2026-20983 (same product: Samsung Android)
CVE-2026-21010 (same product: Samsung Android)
CVE-2026-20970 (same product: Samsung Android)
CVE-2025-20903 (same product: Samsung Android)
CVE-2026-20990 (same product: Samsung Android)
CVE-2025-20881 (same product: Samsung Android)

References

Samsung Mobile Security, Security Updates, January 2026 (SMR Jan-2026 Release 1): https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=01