Google’s Project Zero says a new Android zero-day is actively being exploited in the wild in attacks targeting Google Pixel, Huawei, Xiaomi, Samsung, Oppo, and Moto smartphones. The vulnerability is a kernel local privilege escalation (LPE) bug using a use-after-free vulnerability in the Android binder driver that can be exploited by potential attackers to get full-control of unpatched devices. The issue was previously patched in December 2017 in the 4.14 LTS Linux kernel without a CVE and by the Android Open Source Project, the bug was reintroduced in subsequent versions.
Source: https://www.bleepingcomputer.com/news/security/actively-exploited-android-zero-day-impacts-google-samsung-devices/