CVE-2025-27891

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400

Description: The issue is related to the lack of a length check, which leads to out-of-bounds reads via malformed NAS packets.

Recommendations: For Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400, consider implementing a length check to prevent out-of-bounds reads. As a temporary workaround, consider restricting the processing of NAS packets to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.