Impact
The vulnerability arises from improper handling of SIM card proactive commands in Samsung Exynos processors. A malicious card can send commands that cause the firmware to fail and the device to reboot, resulting in a denial of service that disrupts device availability. It represents a resource exhaustion weakness (CWE-400) that compromises system operation integrity.
Affected Systems
Samsung Mobile Processor, Wearable Processor, and Modem chips are affected, such as Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400, including the corresponding firmware versions for each chip family.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through a compromised or malicious SIM card that sends specially crafted proactive commands, so exploitation would require physical or remote card insertion capabilities.