Severity by source
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1480 and 2400. A Double Free in the mobile processor leads to privilege escalation.
Analysis (AI)
A double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, and 2400) enables privilege escalation. An authenticated attacker with local access can trigger the memory corruption flaw to gain elevated privileges on affected devices. With a CVSS score of 8.8 and network accessibility (AV:N), this represents a critical risk for Samsung mobile device users, particularly if the vulnerability is actively exploited in the wild.
Technical Context (AI)
The vulnerability exists within Samsung's proprietary Exynos mobile processor microarchitecture, likely in kernel-level or secure enclave memory management routines. CWE-415 (Double Free) occurs when a program attempts to free memory that has already been freed, leading to heap corruption. In the context of mobile processors with memory protection extensions (ARM TrustZone, Samsung Knox), a double-free in privileged processor code could allow an attacker to overwrite critical kernel data structures or security policy enforcement mechanisms. The affected Exynos processors span multiple generations (980/990 from Exynos 9-series, 1080/1280/1380/1480 from mid-range lines, and flagship 2100/2200/2400 models), suggesting the vulnerability is systemic across Samsung's processor design lineups rather than isolated to a single architecture version. CPE strings would typically match: cpe:2.3:h:samsung:exynos_980:*:*:*:*:*:*:*:* through cpe:2.3:h:samsung:exynos_2400:*:*:*:*:*:*:*:*
Remediation (AI)
Patch availability and specific patch versions were not provided in source data; remediation depends on Samsung's processor update cadence. Recommended actions:
(1) Monitor Samsung Security Updates page and device manufacturer security bulletins for microcode patches or bootloader updates addressing CVE-2025-23102.
(2) Apply all available security patches and OS updates immediately upon release, as these will contain mitigations.
(3) For enterprise deployments, implement Mobile Device Management (MDM) policies to enforce automatic patching and isolate affected devices from sensitive networks.
(4) As a temporary mitigation, restrict local access to unprivileged user accounts and disable unnecessary local services that could be chained with this vulnerability.
(5) Coordinate with carriers to ensure timely distribution of patches, as processor-level fixes require OEM and carrier collaboration.
Hardware workarounds do not exist; vulnerability remediation requires security patch deployment.
EUVD-2025-16776