CVE-2025-58343

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor and Wearable Processor Exynos 980 Samsung Mobile Processor and Wearable Processor Exynos 850 Samsung Mobile Processor and Wearable Processor Exynos 1080 Samsung Mobile Processor and Wearable Processor Exynos 1280 Samsung Mobile Processor and Wearable Processor Exynos 1330 Samsung Mobile Processor and Wearable Processor Exynos 1380 Samsung Mobile Processor and Wearable Processor Exynos 1480 Samsung Mobile Processor and Wearable Processor Exynos 1580 Samsung Mobile Processor and Wearable Processor Exynos W920 Samsung Mobile Processor and Wearable Processor Exynos W930 Samsung Mobile Processor and Wearable Processor Exynos W1000

Description An issue exists due to unbounded memory allocation via a large buffer in a /proc/driver/unifi0/create tspec write operation, leading to kernel memory exhaustion. The /proc/driver/unifi0/create tspec is an API endpoint used for creating a traffic specification. The vulnerability occurs when a large buffer is written to this endpoint, causing the system to allocate an excessive amount of memory. This can lead to a denial-of-service condition as the kernel runs out of available memory. The variable buffer size within the create tspec function is not properly validated, allowing an attacker to control the amount of memory allocated.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.