CVE-2025-58347
BaseFortify
Publication date: 2026-02-03
Last updated on: 2026-02-09
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_980_firmware | * |
| samsung | exynos_980 | * |
| samsung | exynos_850_firmware | * |
| samsung | exynos_850 | * |
| samsung | exynos_1080_firmware | * |
| samsung | exynos_1080 | * |
| samsung | exynos_1280_firmware | * |
| samsung | exynos_1280 | * |
| samsung | exynos_1330_firmware | * |
| samsung | exynos_1330 | * |
| samsung | exynos_1380_firmware | * |
| samsung | exynos_1380 | * |
| samsung | exynos_1480_firmware | * |
| samsung | exynos_1480 | * |
| samsung | exynos_1580_firmware | * |
| samsung | exynos_1580 | * |
| samsung | exynos_w920_firmware | * |
| samsung | exynos_w920 | * |
| samsung | exynos_w930_firmware | * |
| samsung | exynos_w930 | * |
| samsung | exynos_w1000_firmware | * |
| samsung | exynos_w1000 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2025-58347 is a medium-severity vulnerability in the Wi-Fi drivers of multiple Samsung Exynos processors. It is caused by unbounded memory allocation when writing to the file path /proc/driver/unifi0/p2p_certif: the allocation has no size limit, so it can exhaust kernel memory.
How can this vulnerability impact me?
This vulnerability can lead to kernel memory exhaustion, which may cause denial of service or system instability. In practical terms, an attacker could exploit this flaw to disrupt the normal operation of devices using the affected Samsung Exynos processors by making the system run out of critical memory resources.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an unbounded memory allocation triggered by writing a large buffer to the file path /proc/driver/unifi0/p2p_certif in the Wi-Fi driver of affected Samsung Exynos processors.
To detect if the vulnerability is being exploited or if the system is affected, monitoring for unusual or large write operations to /proc/driver/unifi0/p2p_certif could be useful.
Commands to check for suspicious activity might include:
- Using auditd or inotify to monitor write access to /proc/driver/unifi0/p2p_certif.
- Checking kernel logs (e.g., dmesg) for memory exhaustion or related errors.
- Using commands like `lsof | grep /proc/driver/unifi0/p2p_certif` to see which processes are accessing this file.
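The auditd approach above, as an added example that is not part of the original page: a small parser that correlates SYSCALL and PATH audit records by event ID and reports which processes opened /proc/driver/unifi0/p2p_certif. It assumes an audit watch on that path already exists (for instance `auditctl -w /proc/driver/unifi0/p2p_certif -p w -k p2p_certif`, where the key name is an assumption); the log records are constructed samples, not real captures.

```python
import re

TARGET = "/proc/driver/unifi0/p2p_certif"  # path named in the CVE description

# Constructed sample records in auditd's raw log format (not real captures).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1770000001.101:501): arch=c00000b7 syscall=56 success=yes exit=3 items=1 ppid=1 pid=4321 uid=10123 comm="sh" exe="/system/bin/sh" key="p2p_certif"
type=PATH msg=audit(1770000001.101:501): item=0 name="/proc/driver/unifi0/p2p_certif" nametype=NORMAL
type=SYSCALL msg=audit(1770000002.202:502): arch=c00000b7 syscall=56 success=yes exit=4 items=1 ppid=1 pid=900 uid=1010 comm="wpa_supplicant" exe="/vendor/bin/hw/wpa_supplicant" key="other"
type=PATH msg=audit(1770000002.202:502): item=0 name="/data/misc/wifi/wpa.conf" nametype=NORMAL
type=SYSCALL msg=audit(1770000003.303:503): arch=c00000b7 syscall=56 success=no exit=-13 items=1 ppid=1 pid=4400 uid=10200 comm="app" exe="/system/bin/app_process64" key="p2p_certif"
type=PATH msg=audit(1770000003.303:503): item=0 name="/proc/driver/unifi0/p2p_certif" nametype=NORMAL
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit record into key/value fields plus its (timestamp, serial) event ID."""
    m = EVENT_ID.search(line)
    if not m:
        return None  # not an audit record; skip it
    fields = {k: v.strip('"') for k, v in FIELD.findall(line)}
    fields["_event"] = (m.group(1), m.group(2))
    return fields

def find_accesses(log_text, target=TARGET):
    """Return one entry per audit event whose PATH record names the target file."""
    events = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events.setdefault(rec["_event"], {})
        if rec.get("type") == "SYSCALL":
            ev["syscall"] = rec           # who made the call
        elif rec.get("type") == "PATH" and rec.get("name") == target:
            ev["hit"] = True              # the call touched the target path
    hits = []
    for ev in events.values():
        s = ev.get("syscall")
        if ev.get("hit") and s:
            hits.append({"pid": int(s["pid"]), "uid": int(s["uid"]), "comm": s.get("comm"),
                         "exe": s.get("exe"), "success": s.get("success") == "yes"})
    return hits

if __name__ == "__main__":
    for hit in find_accesses(SAMPLE_LOG):
        print(hit)
```

An audit watch records the open of the file, not the size of each write, so a hit identifies the process to investigate rather than proving a large write occurred.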
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting or monitoring write access to /proc/driver/unifi0/p2p_certif to prevent unbounded memory allocation.
Additionally, applying any available patches or updates from Samsung addressing this vulnerability is recommended once released.
Until patches are available, limiting user or process permissions that can write to this file and monitoring system stability can help reduce risk.