PT-2025-42770 · Samsung · Exynos 990+17

Published

2024-11-06

Updated

2025-11-04

CVE-2024-55568

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400

Description The absence of a NULL check can lead to a Denial of Service when an attacker sends malformed MM packets to the target. The issue affects the UL2 component of the processor’s firmware, resulting in uncontrolled resource consumption due to a pointer dereference error.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-476

Related Identifiers

BDU:2025-13730

CVE-2024-55568

Affected Products

Exynos 1080

Exynos 1280

Exynos 1330

Exynos 1380

Exynos 1480

Exynos 2100

Exynos 2200

Exynos 2400

Exynos 850

Exynos 9110

Exynos 980

Exynos 990

Exynos W1000

Exynos W920

Exynos W930

Modem 5123

Modem 5300

Modem 5400

PT-2025-42770 · Samsung · Exynos 990+17

CVE-2024-55568

Weakness Enumeration

Related Identifiers

Affected Products

References · 8