CVE-2025-62815
NULL Pointer Dereference in Samsung Exynos NPU Causes DoS
Publication date: 2026-03-03
Last updated on: 2026-03-04
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_1380_firmware | * |
| samsung | exynos_1480_firmware | * |
| samsung | exynos_1580_firmware | * |
| samsung | exynos_2400_firmware | * |
| samsung | exynos_2500_firmware | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-62815 is a medium-severity vulnerability affecting Samsung Exynos processors, specifically models 1380, 1480, 2400, 1580, and 2500.
The issue arises from a null pointer dereference in the "npu_proto_drv.ast.thread_ref" variable within the function set_cpu_affinity().
This flaw can cause a denial of service (DoS) by triggering a crash when the null pointer is dereferenced. The affected component is the Neural Processing Unit (NPU) driver. [1]
How can this vulnerability impact me?
This vulnerability can cause a denial of service (DoS) on affected Samsung Exynos processors by crashing the system when the null pointer is dereferenced in the NPU driver.
As a result, devices using these processors may become unresponsive or fail to operate correctly, potentially disrupting normal device functionality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know