Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Description (CVE.org)
An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
Analysis (AI)
Critical out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by insufficient length validation. This vulnerability affects Samsung Galaxy devices and other OEM devices utilizing these SoCs, allowing remote, unauthenticated attackers to execute code with high integrity impact and potential system compromise. The high CVSS score of 8.6 reflects the network-exploitable nature and lack of authentication requirements, though real-world exploitation depends on the specific attack surface exposed in affected device implementations.
Technical Context (AI)
The vulnerability resides in Samsung's Exynos mobile processor line (specifically the 1480 and 2400 models), which serve as the primary system-on-chip (SoC) for Samsung Galaxy flagship devices and are licensed to other OEMs. The root cause is classified as CWE-787 (Out-of-bounds Write), which occurs when code writes data beyond the boundaries of an allocated memory buffer without proper length validation. This typically manifests in processor firmware, bootloader, or secure enclave components that parse untrusted input without bounds checking. The lack of a length check suggests the vulnerability exists in a parsing routine—possibly in modem firmware processing, secure element communication, or inter-processor communication (IPC) mechanisms—where an attacker can supply malformed packets or messages that exceed expected buffer sizes, corrupting adjacent memory regions.
Remediation (AI)
Users with affected devices (Galaxy S24 series, S24 FE, and related models) should immediately apply the latest available firmware/security updates through Settings > System > System Update > Check for Updates or via Samsung's SmartSwitch software. OEMs using Exynos 1480/2400 should contact Samsung for emergency firmware patches. Samsung will release fixes through monthly security updates (likely available in January 2025 or sooner depending on discovery/disclosure timeline). Users unable to patch immediately should: (1) disable unnecessary network-exposed services and features, (2) avoid connecting to untrusted networks, (3) use VPN or network segmentation where possible, and (4) monitor Samsung's Security Advisory and Mobile Security Release Notes for specific CVE guidance. No known workarounds exist for this processor-level vulnerability; patching is the only mitigation. Vendor advisories and detailed patch notes should be monitored at security.samsungmobile.com and Samsung's official security bulletin pages.
CVE-2025-23103 is an out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by ins
EUVD-2025-16769