Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.
AnalysisAI
NULL pointer dereference vulnerability in Samsung's Exynos mobile processors (models 1280, 2200, 1380, 1480, 2400) that allows unauthenticated remote attackers to trigger a denial of service condition without user interaction. The vulnerability has a CVSS 3.1 score of 7.5 (High) with network-based attack vector and high availability impact, though no integrity or confidentiality compromise occurs. Exploitation likelihood and active weaponization status cannot be confirmed without KEV catalog verification and public exploit availability data.
Technical ContextAI
The vulnerability exists in Samsung's Exynos System-on-Chip (SoC) firmware or kernel-level processor handling code, affecting multiple processor generations used in Samsung Galaxy smartphones and tablets. The root cause is classified as CWE-476 (NULL Pointer Dereference), indicating insufficient input validation or null pointer checks before dereferencing memory addresses in processor-level code paths. Affected Exynos models (1280, 2200, 1380, 1480, 2400) span multiple processor generations with varying architectures and process nodes. The vulnerability likely exists in GPU drivers, modem firmware, or memory management subsystems that process untrusted network or IPC data without proper null validation. CPE entries would typically follow: cpe:2.3:o:samsung:exynos_1280_firmware:*:*:*:*:*:*:*:* and similar for other models.
RemediationAI
Apply Samsung security patches targeting Exynos processor firmware and kernel security updates: (1) Check device's current security patch level via Settings > About phone > Security patch date; (2) Install latest available OTA (Over-The-Air) updates for affected Exynos models via Settings > System > System update; (3) For enterprise deployments, coordinate with Samsung Mobile Device Management (MDM) vendors and Samsung Knox services for centralized patch deployment; (4) Monitor Samsung Security Center (https://security.samsungmobile.com/) and Android Security & Privacy Year in Review for specific Exynos CVE patches and target patch dates; (5) If patch unavailable for legacy devices (Exynos 1280/2200 variants), implement network-level DoS mitigation via rate limiting, anomaly detection, and segmentation of affected device traffic. Vendor advisory links should be extracted from Samsung's official security bulletins once published; contact Samsung Mobile Enterprise Relations for extended support timelines on older processor generations.
More in Exynos 1480 Firmware
View allOOB write in Samsung Exynos 1480/2400 processors.
In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 13
Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write
Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, an
Critical out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by insufficient le
CVE-2025-23103 is an out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by ins
An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211
An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 108
Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker w
An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. Rated high severity (CVSS 7.8), this vulne
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. R
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16784