CVE-2025-58348
BaseFortify
Publication date: 2026-02-03
Last updated on: 2026-02-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_980_firmware | * |
| samsung | exynos_980 | * |
| samsung | exynos_850_firmware | * |
| samsung | exynos_850 | * |
| samsung | exynos_1080_firmware | * |
| samsung | exynos_1080 | * |
| samsung | exynos_1280_firmware | * |
| samsung | exynos_1280 | * |
| samsung | exynos_1330_firmware | * |
| samsung | exynos_1330 | * |
| samsung | exynos_1480_firmware | * |
| samsung | exynos_1480 | * |
| samsung | exynos_1380_firmware | * |
| samsung | exynos_1380 | * |
| samsung | exynos_1580_firmware | * |
| samsung | exynos_1580 | * |
| samsung | exynos_w920_firmware | * |
| samsung | exynos_w920 | * |
| samsung | exynos_w930_firmware | * |
| samsung | exynos_w930 | * |
| samsung | exynos_w1000_firmware | * |
| samsung | exynos_w1000 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to kernel memory exhaustion, which may cause denial of service or system instability.
An attacker exploiting this flaw could disrupt normal device operation by exhausting critical kernel memory resources, potentially causing crashes or degraded performance.
Can you explain this vulnerability to me?
CVE-2025-58348 is a medium-severity vulnerability in the Wi-Fi driver of several Samsung Exynos processors. It occurs due to unbounded memory allocation when writing to the file path `/proc/driver/unifi0/confg_tspec`. This means that the driver does not properly limit the size of memory allocated during this operation.
As a result, an attacker can cause the system to allocate excessive kernel memory, leading to kernel memory exhaustion.
What immediate steps should I take to mitigate this vulnerability?
This vulnerability arises from unbounded memory allocation during writes to the file path /proc/driver/unifi0/confg_tspec in the Wi-Fi driver of affected Samsung Exynos processors.
To mitigate this vulnerability, it is recommended to avoid or restrict write operations to /proc/driver/unifi0/confg_tspec until a patch or update from Samsung is applied.
Monitoring and controlling access to this procfs interface can help prevent exploitation that leads to kernel memory exhaustion and potential denial of service.
Applying official security updates from Samsung addressing this issue as soon as they become available is the most effective mitigation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an unbounded memory allocation triggered by writing a large buffer to the file path /proc/driver/unifi0/confg_tspec in the Wi-Fi driver of affected Samsung Exynos processors.
To detect if your system is vulnerable or being targeted, you can check for unusual or large write operations to this procfs file and monitor kernel memory usage for signs of exhaustion or instability.
Suggested commands include:
- Use `cat /proc/driver/unifi0/confg_tspec` to check if the file exists, indicating the presence of the vulnerable driver.
- Monitor kernel memory usage with commands like `free -m` or `cat /proc/meminfo` to detect abnormal memory exhaustion.
- Use `inotifywait` or similar tools to watch for write operations to /proc/driver/unifi0/confg_tspec.
- Check system logs (e.g., `dmesg` or `/var/log/kern.log`) for kernel warnings or errors related to memory exhaustion or instability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.