CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-52909

CVSS 9.8v3.1pub. 2026-04-07upd. 2026-04-13

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 2 of 2.

🤖 AI Analysis
How it works

The flaw results from improper handling of NL80211 vendor command (NL80211 vendor command) in the Wi-Fi driver. Through a specially crafted ioctl message, a buffer overflow (CWE-120) can be triggered. The vulnerability requires no authentication or user interaction, and the attack vector is network-based, making it particularly dangerous.

Impact

Successful exploitation of this vulnerability can lead to complete breach of system confidentiality, integrity, and availability, including potential remote takeover of the device (RCE). This is the second of two identified vulnerabilities of this type in the same component.

Mitigation & patch

Security patches available from the manufacturer should be applied according to the references: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52909/

Who is affected

Firmware of Samsung Exynos processors: 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000 — used in mobile devices and wearables.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Samsung Exynos 1280

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos 1280 Firmware

    OS
    Samsung
    wszystkie wersje
  • Samsung Exynos 1330

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos 1330 Firmware

    OS
    Samsung
    wszystkie wersje
  • Samsung Exynos 1380

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos 1380 Firmware

    OS
    Samsung
    wszystkie wersje
  • Samsung Exynos 1480

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos 1480 Firmware

    OS
    Samsung
    wszystkie wersje
  • Samsung Exynos 1580

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos 1580 Firmware

    OS
    Samsung
    wszystkie wersje
  • Samsung Exynos 850

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos 850 Firmware

    OS
    Samsung
    wszystkie wersje
  • Samsung Exynos 980

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos 980 Firmware

    OS
    Samsung
    wszystkie wersje
  • Samsung Exynos W1000

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos W1000 Firmware

    OS
    Samsung
    wszystkie wersje
  • Samsung Exynos W920

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos W920 Firmware

    OS
    Samsung
    wszystkie wersje
  • Samsung Exynos W930

    HW
    Samsung
    wszystkie wersje
  • Samsung Exynos W930 Firmware

    OS
    Samsung
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-52908CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w sterowniku Wi-Fi Samsung Exynos przez błędną obsługę NL80211

CVE-2025-62818CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w procesorach Samsung Exynos przy przetwarzaniu SMS TP-UD

CVE-2025-54328CRITICAL10.0PL ✓ten sam produkt

Stack-based Buffer Overflow w obsłudze SMS w procesorach Samsung Exynos

CVE-2025-58349CRITICAL9.1PL ✓ten sam produkt

Błąd obsługi pakietów LTE MAC w procesorach Samsung Exynos powoduje crash baseband

CVE-2025-27807CRITICAL9.1PL ✓ten sam produkt

Out-of-bounds write w Samsung Exynos via błędne pakiety NAS