CVE-2025-58340
BaseFortify
Publication date: 2026-02-03
Last updated on: 2026-02-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_980_firmware | * |
| samsung | exynos_980 | * |
| samsung | exynos_850_firmware | * |
| samsung | exynos_850 | * |
| samsung | exynos_1080_firmware | * |
| samsung | exynos_1080 | * |
| samsung | exynos_1280_firmware | * |
| samsung | exynos_1280 | * |
| samsung | exynos_1330_firmware | * |
| samsung | exynos_1330 | * |
| samsung | exynos_1380_firmware | * |
| samsung | exynos_1380 | * |
| samsung | exynos_1480_firmware | * |
| samsung | exynos_1480 | * |
| samsung | exynos_1580_firmware | * |
| samsung | exynos_1580 | * |
| samsung | exynos_w920_firmware | * |
| samsung | exynos_w920 | * |
| samsung | exynos_w930_firmware | * |
| samsung | exynos_w930 | * |
| samsung | exynos_w1000_firmware | * |
| samsung | exynos_w1000 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2025-58340 is a medium-severity vulnerability found in the Wi-Fi drivers of various Samsung Exynos processors. The issue occurs due to unbounded memory allocation triggered by write operations to the /proc/driver/unifi0/send_delts interface. This means that when data is written to this interface, the system allocates memory without proper limits, which can lead to kernel memory exhaustion.
How can this vulnerability impact me? :
This vulnerability can cause kernel memory exhaustion, which may result in denial of service or system instability. Essentially, an attacker or a malicious process could exploit this flaw to disrupt the normal operation of the device by exhausting its kernel memory resources.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability involves unbounded memory allocation via write operations to the /proc/driver/unifi0/send_delts interface in Samsung Exynos Wi-Fi drivers.'}, {'type': 'paragraph', 'content': 'To detect potential exploitation or attempts, monitoring write operations to /proc/driver/unifi0/send_delts could be useful.'}, {'type': 'paragraph', 'content': 'Commands to check for suspicious activity might include:'}, {'type': 'list_item', 'content': 'Use auditd or inotify to monitor writes to /proc/driver/unifi0/send_delts.'}, {'type': 'list_item', 'content': "Check kernel logs for memory exhaustion or related errors using: dmesg | grep -i 'memory exhaustion'"}, {'type': 'list_item', 'content': 'Use commands like: cat /proc/driver/unifi0/send_delts to verify current state or attempts to write.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding or restricting write access to /proc/driver/unifi0/send_delts to prevent triggering the unbounded memory allocation.
Applying any available patches or updates from Samsung for the affected Exynos Wi-Fi drivers is recommended.
If patches are not yet available, consider disabling or limiting the Wi-Fi driver functionality on affected devices to reduce risk.