CVE-2025-54601
Received Received - Intake
Double Free Race Condition in Samsung Exynos Wi-Fi Driver

Publication date: 2026-04-06

Last updated on: 2026-04-07

Assigner: MITRE

Description
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-06
Last Modified
2026-04-07
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-14
NVD
CVE-2025-54601
EUVD
EUVD-2025-209249
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
samsung exynos_980_firmware *
samsung exynos_850_firmware *
samsung exynos_1080_firmware *
samsung exynos_1280_firmware *
samsung exynos_1330_firmware *
samsung exynos_1380_firmware *
samsung exynos_1480_firmware *
samsung exynos_1580_firmware *
samsung exynos_w930_firmware *
samsung exynos_w920_firmware *
samsung exynos_w1000_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, you should apply the patches issued by Samsung for the affected Exynos WiFi drivers as soon as possible.

Since the vulnerability arises from improper synchronization in the WiFi driver leading to a double free, updating to the patched driver versions will prevent exploitation.

Executive Summary

This vulnerability exists in the Wi-Fi driver of certain Samsung Mobile and Wearable Processors, including models like Exynos 980, 850, 1080, and others. It is caused by improper synchronization of a global variable, which leads to a double free condition. An attacker can exploit this by triggering a race condition through concurrent invocation of an ioctl function from multiple threads.

Impact Analysis

The vulnerability can potentially allow an attacker to cause a double free error in the Wi-Fi driver by exploiting a race condition. This could lead to unpredictable behavior such as crashes, memory corruption, or possibly execution of arbitrary code, depending on how the double free is leveraged.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-54601. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart