EUVD-2025-209241
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Tags
Description
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect Handling of a DL NAS Transport packet leads to a Denial of Service.
Analysis
Denial of service in Samsung Exynos chipsets' NAS (Non-Access Stratum) layer allows remote unauthenticated attackers to crash mobile devices via malformed Downlink NAS Transport packets. Affects 23+ Exynos processor and modem variants used in mobile phones, wearables, and cellular modems (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400). Despite CVSS 7.5, EPSS shows only 0.02% exploitation probability (5th percentile), and no public exploit or active exploitation confirmed at time of analysis.
Technical Context
The vulnerability resides in the Non-Access Stratum (NAS) protocol implementation within Samsung Exynos chipsets' cellular baseband processors. NAS handles signaling between mobile devices and the core network (independent of the radio access technology), managing functions like authentication, mobility, and session management. The flaw (CWE-400: Uncontrolled Resource Consumption) stems from improper validation when processing Downlink NAS Transport messages from the network to the device. These messages carry upper-layer data encapsulated within NAS signaling. Incorrect handling-likely missing bounds checks, malformed TLV parsing, or unbounded resource allocation-allows specially crafted packets to exhaust resources or trigger crash conditions in the baseband firmware. This affects a broad range of Exynos mobile processors (flagship 2100/2200/2400/2500, mid-range 980/990/1080/1280/1380/1480/1580, entry-level 850, wearable W-series) and standalone modems (5123/5300/5400), spanning multiple device generations across smartphones, smartwatches, and IoT products.
Affected Products
Samsung Exynos mobile processors: 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, and 9110. Samsung Exynos wearable processors: W920, W930, and W1000. Samsung Exynos standalone modems: 5123, 5300, and 5400. These chipsets power various Samsung Galaxy smartphones (including flagship S-series and mid-range A-series models), Galaxy Watch devices, and cellular-enabled tablets and IoT products. Specific device models and firmware versions are not enumerated in the advisory; consult Samsung's product security updates portal at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54324/ for detailed device-level guidance.
Remediation
Apply firmware updates from device manufacturers incorporating Samsung's baseband security patch. Samsung Semiconductor has published advisory details at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54324/ with chipset-level patch availability. End-users should install Android security updates from Samsung Mobile, Google (for Pixel devices with Exynos variants), Vivo, and other OEMs using affected Exynos chipsets-typically distributed through monthly Android Security Bulletin updates. Enterprise deployments should verify baseband firmware versions through MDM tools and prioritize updates for devices used in sensitive locations where rogue base station attacks are plausible. No user-level workarounds exist (cellular connectivity cannot be selectively hardened), making vendor patches the sole mitigation. Monitor Samsung's semiconductor security portal and device OEM security bulletins for exact patched firmware build numbers.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today