EUVD-2025-209245CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads.
Analysis
Use-after-free in Samsung Exynos Wi-Fi driver affects 11 mobile and wearable processor models via race condition triggered by concurrent ioctl calls. Local attackers with low privileges can exploit improper synchronization on a global variable to achieve high-impact compromise (confidentiality, integrity, availability). EPSS data not available; no confirmed active exploitation (not in CISA KEV); public exploit code status unknown. Attack complexity rated high (AC:H) due to race condition timing requirements, reducing immediate weaponization risk despite 7.0 CVSS score.
Technical Context
This vulnerability stems from CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization/Race Condition) in Samsung's proprietary Wi-Fi driver implementation for Exynos chipsets. The affected processors span mobile (Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580) and wearable (W920, W930, W1000) product lines. The flaw involves improper locking or synchronization mechanisms when multiple threads concurrently invoke ioctl system calls that manipulate a shared global variable in kernel space. This creates a time-of-check-time-of-use (TOCTOU) window where a pointer can be freed by one thread while still being referenced by another, resulting in a use-after-free condition. Successful exploitation requires precise timing to win the race, typical of kernel-level synchronization bugs in device drivers where performance optimization sometimes sacrifices thread safety.
Affected Products
The vulnerability affects Samsung Exynos mobile processors models 980, 850, 1080, 1280, 1330, 1380, 1480, 1580 and wearable processors W920, W930, W1000. These chipsets power various Samsung Galaxy smartphones, tablets, and wearable devices including smartwatches. The CPE string provided (cpe:2.3:a:n/a:n/a) is not specific, but Samsung's official security advisory at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54602/ identifies the complete list of affected processor models. End-user device models incorporating these chipsets would need firmware updates from device manufacturers (Samsung Electronics for Galaxy devices, and OEM partners for other devices using these processors).
Remediation
Samsung Semiconductor has published a security advisory acknowledging CVE-2025-54602 at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54602/ and their general product security updates page at https://semiconductor.samsung.com/support/quality-support/product-security-updates/. Device manufacturers using affected Exynos processors should obtain updated chipset firmware from Samsung and integrate it into device firmware updates. End users should apply security patches distributed through their device manufacturer's update channels (typically Samsung Security Maintenance Release or SMR updates for Galaxy devices). Specific patched firmware versions are not detailed in the available references, so users should monitor their device manufacturer's security bulletins and apply all available system updates. No workarounds are documented; patching is the only effective mitigation. Enterprise mobility management teams should verify patch deployment across managed Samsung device fleets and consider restricting installation of untrusted applications on unpatched devices to minimize local attack surface.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today