CVE-2026-21046
Samsung · Mobile Devices
A time-of-check time-of-use (TOCTOU) race condition in the fabricKeymaster trustlet on Samsung mobile devices allows local privileged attackers to execute arbitrary code.
Executive summary
A critical TOCTOU race condition in the Samsung fabricKeymaster trustlet enables local privileged attackers to achieve arbitrary code execution.
Vulnerability
This vulnerability involves a TOCTOU race condition (CWE-367) within the fabricKeymaster trustlet. It requires an attacker to possess high (privileged) access on the device to exploit the race condition, which can result in the execution of arbitrary code with elevated permissions.
Business impact
With a CVSS score of 8.4, this flaw presents a severe risk to the device's Trusted Execution Environment (TEE). If exploited, an attacker could potentially bypass hardware-backed security features, leading to a total compromise of the device's security model and sensitive cryptographic material.
Remediation
Immediate Action: Deploy the SMR Jul-2026 security release immediately to all managed Samsung devices to remediate the fabricKeymaster trustlet.
Proactive Monitoring: Review system logs for signs of unauthorized process execution or attempts to interact with the device's Keymaster service.
Compensating Controls: Maintain strict device hardening and limit the deployment of third-party applications that require high-level system permissions to reduce the likelihood of a local attacker gaining the necessary access.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability targets the core security architecture of Samsung devices. Security teams should prioritize patching this issue to prevent the potential compromise of the Trusted Execution Environment and ensure the continued integrity of cryptographic operations on the device.