CVE-2025-58343
BaseFortify
Publication date: 2026-02-03
Last updated on: 2026-02-09
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_980_firmware | * |
| samsung | exynos_980 | * |
| samsung | exynos_850_firmware | * |
| samsung | exynos_850 | * |
| samsung | exynos_1080_firmware | * |
| samsung | exynos_1080 | * |
| samsung | exynos_1280_firmware | * |
| samsung | exynos_1280 | * |
| samsung | exynos_1330_firmware | * |
| samsung | exynos_1330 | * |
| samsung | exynos_1380_firmware | * |
| samsung | exynos_1380 | * |
| samsung | exynos_1480_firmware | * |
| samsung | exynos_1480 | * |
| samsung | exynos_1580_firmware | * |
| samsung | exynos_1580 | * |
| samsung | exynos_w920_firmware | * |
| samsung | exynos_w920 | * |
| samsung | exynos_w930_firmware | * |
| samsung | exynos_w930 | * |
| samsung | exynos_w1000_firmware | * |
| samsung | exynos_w1000 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58343 is a medium-severity vulnerability in the Wi-Fi drivers of multiple Samsung Exynos processors. It occurs due to an unbounded memory allocation triggered by writing to the procfs interface at /proc/driver/unifi0/create_tspec. This means that when this operation is performed, it can request excessive memory without proper limits.
As a result, this flaw can lead to kernel memory exhaustion, which affects the stability and operation of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me?
This vulnerability can cause denial of service or system instability by exhausting kernel memory. An attacker exploiting this flaw can trigger excessive memory allocation, which may crash the system or degrade its performance.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unbounded memory allocation triggered by writing to the procfs interface at /proc/driver/unifi0/create_tspec in affected Samsung Exynos Wi-Fi drivers.
To detect potential exploitation or attempts, monitoring write operations to this procfs path could be useful.
Commands to check for suspicious activity might include:
- Use auditd or inotify to monitor writes to /proc/driver/unifi0/create_tspec.
- Example with auditctl: `auditctl -w /proc/driver/unifi0/create_tspec -p w -k unifi0_write`
- Check kernel logs (dmesg) for memory exhaustion or related errors.
- Monitor system memory usage and kernel stability for unusual patterns.
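The audit records produced by the rule above can be triaged with a short script. This is an added example, not part of the original page or of any Samsung tooling. The sample records, uids and executable paths are constructed, and treating root writers as expected is an assumption.

```python
import re
from collections import defaultdict

AUDIT_KEY = "unifi0_write"  # key set by the auditctl rule shown on the page

# Constructed sample records, not real logs. A "-p w" watch is evaluated when the
# file is opened for writing, so records are open/openat calls (56 = openat on aarch64).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1770000001.101:501): arch=c00000b7 syscall=56 success=yes exit=3 pid=4101 uid=10234 comm="sh" exe="/system/bin/sh" key="unifi0_write"
type=SYSCALL msg=audit(1770000001.220:502): arch=c00000b7 syscall=56 success=yes exit=3 pid=4102 uid=10234 comm="sh" exe="/system/bin/sh" key="unifi0_write"
type=SYSCALL msg=audit(1770000002.007:503): arch=c00000b7 syscall=56 success=no exit=-13 pid=4200 uid=10311 comm="probe" exe="/data/local/tmp/probe" key="unifi0_write"
type=SYSCALL msg=audit(1770000003.500:504): arch=c00000b7 syscall=56 success=yes exit=5 pid=812 uid=0 comm="wifi_hal" exe="/vendor/bin/wifi_hal" key="unifi0_write"
type=SYSCALL msg=audit(1770000004.000:505): arch=c00000b7 syscall=56 success=yes exit=3 pid=900 uid=10234 comm="cat" exe="/system/bin/cat" key="other_rule"
'''

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Turn one audit record into a dict of its key=value fields (quotes removed)."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def summarize_write_opens(log_text, key=AUDIT_KEY):
    """Group SYSCALL records carrying `key` by (uid, exe); count granted and denied opens."""
    stats = defaultdict(lambda: {"granted": 0, "denied": 0})
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("key") != key:
            continue
        if not rec.get("uid", "").isdigit():  # skip interpreted (named) uids
            continue
        outcome = "granted" if rec.get("success") == "yes" else "denied"
        stats[(int(rec["uid"]), rec.get("exe", "?"))][outcome] += 1
    return dict(stats)

def findings(stats):
    """Report every non-root process that touched the node (assumption: root is expected)."""
    out = []
    for (uid, exe), counts in sorted(stats.items()):
        if uid == 0:
            continue
        if counts["granted"]:
            out.append((uid, exe, "write access not restricted", counts["granted"]))
        if counts["denied"]:
            out.append((uid, exe, "blocked attempt", counts["denied"]))
    return out

if __name__ == "__main__":
    for finding in findings(summarize_write_opens(SAMPLE_LOG)):
        print(finding)
```

A granted open by a non-root uid means the node is still writable by unprivileged processes, while denied opens show that access is already restricted and something is probing it.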
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding or restricting write access to /proc/driver/unifi0/create_tspec to prevent triggering the unbounded memory allocation.
Applying any available patches or updates from Samsung for the affected Exynos Wi-Fi drivers is critical.
If patches are not yet available, consider disabling or limiting the Wi-Fi driver functionality on affected devices if feasible.
Monitor system logs and memory usage closely to detect early signs of exploitation attempts.