The flaw is an improper access control in the MediaTek Audio HAL component of Samsung Mobile Devices, which allows a local attacker to invoke privileged functions. This can lead to local privilege escalation, granting the attacker unauthorized access to device functionalities that normally require higher authority.

Affected systems are Samsung Mobile Devices that run the MediaTek Audio HAL before the SMR Jun‑2026 Release 1 update. All Samsung smartphones using that older Audio HAL version are vulnerable until the firmware update is applied.

The CVSS score of 6.4 indicates a moderate severity. EPSS is <1%, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited publicly known exploit activity. The vulnerability is local; an attacker with physical or local access could exploit it to elevate privileges. Because no public exploit has been reported, the risk remains moderate but should be addressed promptly.