Time Table

Over the past year, we identified and reported 13 security vulnerabilities (CVEs) in Samsung’s Exynos SoC, primarily affecting the NPU and GPU subsystems. These bugs—many of which were exploitable—have since been patched by Samsung as of June 2025. In this talk, we focus on the Exynos NPU: we’ll walk through recurring bug patterns, analyze the exposed attack surface, and explore why these coprocessors remain an attractive target. We will then dive into the exploitation side—demonstrating how some of these vulnerabilities can be leveraged to gain arbitrary read/write (AARW) on devices like the Galaxy A35, A55, and S24+. Beyond that, we’ll show how to chain primitives to bypass the hypervisor and escalate to full kernel code execution The session also reflects on our experience collaborating with Samsung’s product security team, and offers an honest perspective on working through the ISVP, including incentives, technical feedback, and timelines.