CVE-2025-54602
Use-After-Free in Samsung Exynos Wi-Fi Driver via Race Condition
Publication date: 2026-04-06
Last updated on: 2026-04-07
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_980_firmware | * |
| samsung | exynos_850_firmware | * |
| samsung | exynos_1080_firmware | * |
| samsung | exynos_1280_firmware | * |
| samsung | exynos_1330_firmware | * |
| samsung | exynos_1380_firmware | * |
| samsung | exynos_1480_firmware | * |
| samsung | exynos_1580_firmware | * |
| samsung | exynos_w1000_firmware | * |
| samsung | exynos_w920_firmware | * |
| samsung | exynos_w930_firmware | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-54602 is a high-severity vulnerability in the WiFi drivers of multiple Samsung Exynos processors. It is caused by improper synchronization on a global variable, which leads to a use-after-free condition. This means that the driver may access memory that has already been freed, potentially causing unexpected behavior.
An attacker can trigger this vulnerability by invoking an ioctl function concurrently from multiple threads; the resulting race condition produces the use-after-free.
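The bug class described above, shown from the fix side as an added user-space model; it is not Samsung's driver code or its patch. A global object is reached from ioctl-style handlers, and each caller takes a counted reference under a lock so that a concurrent replace cannot free memory still in use. All names (`wifi_ctx`, `g_ctx`, `ioctl_set`, `ioctl_get`) are hypothetical, and a pthread mutex stands in for kernel locking.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model: one global context shared by every ioctl caller. */
struct wifi_ctx { int refs; char cfg[32]; };
static pthread_mutex_t g_lock = PTHREAD_MUTEX_INITIALIZER;
static struct wifi_ctx *g_ctx;   /* protected by g_lock */
static int g_frees;              /* demo instrumentation, protected by g_lock */

/* Take a counted reference to the current context, or NULL if none is set. */
struct wifi_ctx *ctx_get(void) {
    pthread_mutex_lock(&g_lock);
    struct wifi_ctx *c = g_ctx;
    if (c) c->refs++;
    pthread_mutex_unlock(&g_lock);
    return c;
}

/* Drop a reference; only the last holder frees the object. */
void ctx_put(struct wifi_ctx *c) {
    if (!c) return;
    pthread_mutex_lock(&g_lock);
    int last = (--c->refs == 0);
    if (last) g_frees++;
    pthread_mutex_unlock(&g_lock);
    if (last) free(c);
}

/* "Set" handler: publish a new context, then drop the global's reference to the old one. */
int ioctl_set(const char *cfg) {
    struct wifi_ctx *n = calloc(1, sizeof(*n));
    if (!n) return -1;
    n->refs = 1;                          /* the reference owned by g_ctx */
    snprintf(n->cfg, sizeof(n->cfg), "%s", cfg);
    pthread_mutex_lock(&g_lock);
    struct wifi_ctx *old = g_ctx;
    g_ctx = n;
    pthread_mutex_unlock(&g_lock);
    ctx_put(old);                         /* freed only if no caller still holds it */
    return 0;
}

/* "Get" handler: copy the config out while holding a reference. */
int ioctl_get(char *out, size_t len) {
    struct wifi_ctx *c = ctx_get();
    if (!c) return -1;
    snprintf(out, len, "%s", c->cfg);
    ctx_put(c);
    return 0;
}
```

The unsynchronized form of the same code reads `g_ctx` without the lock or the reference count, so a concurrent `ioctl_set` can free the object between the read and the use.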
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary code or cause system instability on devices using the affected Samsung Exynos WiFi drivers.
Exploitation of this flaw could lead to unauthorized control over the device's WiFi functionality or potentially the entire system, resulting in compromised device security and reliability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability affects the WiFi driver in multiple Samsung Exynos processors due to improper synchronization leading to a use-after-free condition.
Immediate mitigation steps typically involve applying security updates or patches provided by Samsung for the affected Exynos SoC models.
Since the issue arises from the WiFi driver, disabling WiFi functionality temporarily or limiting concurrent ioctl calls from multiple threads may reduce the risk until a patch is applied.