An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The persona service allows attackers (who control an unprivileged SecureFolder process) to bypass admin restrictions in KnoxContainer. The Samsung ID is SVE-2020-18133 (August 2020).
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25055
Reference (s):
- https://security.samsungmobile.com/securityUpdate.smsb