CVE-2025-54601 - Vulnerability Details

Description

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads.

Published: 2026-04-06

Score: 7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An improper synchronization bug in the Wi‑Fi driver of Samsung Exynos mobile and wearable processors allows a race condition that results in a double free. The flaw is triggered when an ioctl function is called concurrently from multiple threads, potentially corrupting memory and leading to remote code execution or other serious consequences.

Affected Systems

Samsung’s Exynos processors, including the Mobile Processor Exynos 850, 980, 1080, 1280, 1330, 1380, 1480, 1580, and the Wearable Processor models W920, W930, and W1000. The vulnerability exists in the Wi‑Fi driver firmware bundled with these devices.

Risk and Exploitability

The CVSS score of 7 indicates moderate to high severity, but the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The flaw is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is a local application that can invoke the vulnerable ioctl concurrently; an attacker could trigger a race condition leading to memory corruption. Because of the severe impact and the low but present exploitation probability, prompt mitigation is advised.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_850:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1080:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:samsung:exynos_1580_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_1580:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_w930:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:samsung:exynos_w920_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_w920:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:samsung:exynos_w1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:samsung:exynos_w1000:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Samsung

Exynos

100%

Version	Status	Scheme	Platform
`—`	affected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest firmware update released by Samsung for the affected Exynos processors
If a patch is not yet available, disable or temporarily block the Wi‑Fi driver or limit concurrent ioctl access to the driver
Restrict untrusted applications from accessing the Wi‑Fi driver’s ioctl interface
Regularly check Samsung’s support site for updates or patches
Consider monitoring system logs for abnormal memory failures or driver crashes

Generated by OpenCVE AI on April 8, 2026 at 21:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0001.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://semiconductor.samsung.com/support/quality-support/product-security-updates/
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54601/

History

Wed, 08 Apr 2026 20:15:00 +0000

Type	Values Removed	Values Added
Title	Race Condition Double Free in Samsung Exynos Wi‑Fi Driver
Weaknesses	CWE-416

Tue, 07 Apr 2026 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Samsung exynos 1080 Samsung exynos 1080 Firmware Samsung exynos 1280 Samsung exynos 1280 Firmware Samsung exynos 1330 Samsung exynos 1330 Firmware Samsung exynos 1380 Samsung exynos 1380 Firmware Samsung exynos 1480 Samsung exynos 1480 Firmware Samsung exynos 1580 Samsung exynos 1580 Firmware Samsung exynos 850 Samsung exynos 850 Firmware Samsung exynos 980 Samsung exynos 980 Firmware Samsung exynos W1000 Samsung exynos W1000 Firmware Samsung exynos W920 Samsung exynos W920 Firmware Samsung exynos W930 Samsung exynos W930 Firmware
CPEs		cpe:2.3:h:samsung:exynos_1080:-:::::::* cpe:2.3:h:samsung:exynos_1280:-:::::::* cpe:2.3:h:samsung:exynos_1330:-:::::::* cpe:2.3:h:samsung:exynos_1380:-:::::::* cpe:2.3:h:samsung:exynos_1480:-:::::::* cpe:2.3:h:samsung:exynos_1580:-:::::::* cpe:2.3:h:samsung:exynos_850:-:::::::* cpe:2.3:h:samsung:exynos_980:-:::::::* cpe:2.3:h:samsung:exynos_w1000:-:::::::* cpe:2.3:h:samsung:exynos_w920:-:::::::* cpe:2.3:h:samsung:exynos_w930:-:::::::* cpe:2.3:o:samsung:exynos_1080_firmware:-:::::::* cpe:2.3:o:samsung:exynos_1280_firmware:-:::::::* cpe:2.3:o:samsung:exynos_1330_firmware:-:::::::* cpe:2.3:o:samsung:exynos_1380_firmware:-:::::::* cpe:2.3:o:samsung:exynos_1480_firmware:-:::::::* cpe:2.3:o:samsung:exynos_1580_firmware:-:::::::* cpe:2.3:o:samsung:exynos_850_firmware:-:::::::* cpe:2.3:o:samsung:exynos_980_firmware:-:::::::* cpe:2.3:o:samsung:exynos_w1000_firmware:-:::::::* cpe:2.3:o:samsung:exynos_w920_firmware:-:::::::* cpe:2.3:o:samsung:exynos_w930_firmware:-:::::::*
Vendors & Products		Samsung exynos 1080 Samsung exynos 1080 Firmware Samsung exynos 1280 Samsung exynos 1280 Firmware Samsung exynos 1330 Samsung exynos 1330 Firmware Samsung exynos 1380 Samsung exynos 1380 Firmware Samsung exynos 1480 Samsung exynos 1480 Firmware Samsung exynos 1580 Samsung exynos 1580 Firmware Samsung exynos 850 Samsung exynos 850 Firmware Samsung exynos 980 Samsung exynos 980 Firmware Samsung exynos W1000 Samsung exynos W1000 Firmware Samsung exynos W920 Samsung exynos W920 Firmware Samsung exynos W930 Samsung exynos W930 Firmware

Tue, 07 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 07 Apr 2026 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Samsung Samsung exynos
Vendors & Products		Samsung Samsung exynos

Tue, 07 Apr 2026 08:00:00 +0000

Type	Values Removed	Values Added
Title		Race Condition Double Free in Samsung Exynos Wi‑Fi Driver
Weaknesses		CWE-362 CWE-416

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
Description		An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads.
References		https://semiconductor.samsung.com/support/quality-support/product-security-updates/ https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54601/

Subscriptions

Samsung Exynos Exynos 1080 Exynos 1080 Firmware Exynos 1280 Exynos 1280 Firmware Exynos 1330 Exynos 1330 Firmware Exynos 1380 Exynos 1380 Firmware Exynos 1480 Exynos 1480 Firmware Exynos 1580 Exynos 1580 Firmware Exynos 850 Exynos 850 Firmware Exynos 980 Exynos 980 Firmware Exynos W1000 Exynos W1000 Firmware Exynos W920 Exynos W920 Firmware Exynos W930 Exynos W930 Firmware

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-06T00:00:00.000Z

Updated: 2026-04-07T14:02:40.432Z

Reserved: 2025-07-27T00:00:00.000Z

Link: CVE-2025-54601

Vulnrichment

Updated: 2026-04-07T14:02:36.093Z

NVD

Status : Analyzed

Published: 2026-04-06T21:16:19.880

Modified: 2026-04-07T16:08:47.470

Link: CVE-2025-54601

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:29:06Z

Weaknesses

CWE-362

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object