CVE-2025-62815
Received Received - Intake

NULL Pointer Dereference in Samsung Exynos NPU Causes DoS

Vulnerability report for CVE-2025-62815, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-03

Last updated on: 2026-03-04

Assigner: MITRE

Description

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-03
Last Modified
2026-03-04
Generated
2026-07-07
AI Q&A
2026-03-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
samsung exynos_1380_firmware *
samsung exynos_1480_firmware *
samsung exynos_1580_firmware *
samsung exynos_2400_firmware *
samsung exynos_2500_firmware *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-62815 is a medium-severity vulnerability affecting Samsung Exynos processors, specifically models 1380, 1480, 2400, 1580, and 2500.'}, {'type': 'paragraph', 'content': 'The issue arises from a null pointer dereference in the "npu_proto_drv.ast.thread_ref" variable within the function set_cpu_affinity().'}, {'type': 'paragraph', 'content': 'This flaw can cause a denial of service (DoS) by triggering a crash when the null pointer is dereferenced. The affected component is the Neural Processing Unit (NPU) driver.'}] [1]

Impact Analysis

This vulnerability can cause a denial of service (DoS) on affected Samsung Exynos processors by crashing the system when the null pointer is dereferenced in the NPU driver.

As a result, devices using these processors may become unresponsive or fail to operate correctly, potentially disrupting normal device functionality.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62815. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart