CVE-2025-58346 Overview
A memory exhaustion vulnerability has been discovered in the Wi-Fi driver used by Samsung Mobile Processor and Wearable Processor Exynos chipsets. The vulnerability exists in the /proc/driver/unifi0/send_addts interface, which allows unbounded memory allocation when processing write operations with large buffers. An attacker with local access can exploit this flaw to exhaust kernel memory, resulting in a denial-of-service condition affecting device availability.
Critical Impact
Local attackers can cause kernel memory exhaustion on affected Samsung Exynos-based devices, potentially rendering mobile phones and wearable devices unresponsive or causing system crashes.
Affected Products
- Samsung Exynos 980 (Mobile Processor)
- Samsung Exynos 850 (Mobile Processor)
- Samsung Exynos 1080 (Mobile Processor)
- Samsung Exynos 1280 (Mobile Processor)
- Samsung Exynos 1330 (Mobile Processor)
- Samsung Exynos 1380 (Mobile Processor)
- Samsung Exynos 1480 (Mobile Processor)
- Samsung Exynos 1580 (Mobile Processor)
- Samsung Exynos W920 (Wearable Processor)
- Samsung Exynos W930 (Wearable Processor)
- Samsung Exynos W1000 (Wearable Processor)
Discovery Timeline
- 2026-02-03 - CVE-2025-58346 published to NVD
- 2026-02-05 - Last updated in NVD database
Technical Details for CVE-2025-58346
Vulnerability Analysis
This vulnerability is classified as CWE-770 (Allocation of Resources Without Limits or Throttling). The Wi-Fi driver in affected Samsung Exynos processors exposes a procfs interface at /proc/driver/unifi0/send_addts that handles ADDTS (Add Traffic Specification) operations for Wi-Fi QoS management. When a write operation is performed on this interface, the driver allocates kernel memory based on the buffer size provided by the user without implementing proper bounds checking or size limits.
The lack of input validation on the buffer size parameter allows a local attacker to submit arbitrarily large values, causing the kernel to attempt allocation of excessive memory. This results in kernel memory exhaustion, which can crash the device or severely degrade system performance. The attack requires local access to the device but does not require any special privileges, making it exploitable by any application with the ability to write to the procfs interface.
Root Cause
The root cause is improper resource allocation handling in the Wi-Fi driver's procfs write handler. The driver fails to enforce maximum size limits on memory allocation requests when processing user-supplied buffer data for ADDTS operations. Without proper bounds checking, the driver blindly trusts the user-provided buffer size and attempts to allocate the corresponding amount of kernel memory.
Attack Vector
The attack requires local access to the target device. An attacker can exploit this vulnerability by writing a crafted payload with an excessively large buffer size to the /proc/driver/unifi0/send_addts interface. Since no user interaction or authentication is required, any process with write access to this procfs entry can trigger the memory exhaustion condition.
The vulnerability manifests when the Wi-Fi driver processes write operations to the /proc/driver/unifi0/send_addts interface. An attacker submitting a request with an extremely large buffer size causes the kernel to allocate memory without bounds checking, ultimately exhausting available kernel memory. For detailed technical information, refer to the Samsung CVE-2025-58346 Security Advisory.
Detection Methods for CVE-2025-58346
Indicators of Compromise
- Unusual memory consumption patterns in kernel space on Exynos-based devices
- Processes attempting to write large payloads to /proc/driver/unifi0/send_addts
- System instability or crashes related to out-of-memory conditions
- Wi-Fi driver errors or kernel panic logs referencing memory allocation failures
Detection Strategies
- Monitor for suspicious write operations to procfs Wi-Fi driver interfaces
- Implement kernel memory usage alerts to detect abnormal allocation patterns
- Deploy mobile device management (MDM) solutions capable of detecting anomalous system behavior
- Review kernel logs for memory allocation failures in Wi-Fi driver modules
Monitoring Recommendations
- Enable kernel auditing on Exynos-based devices to track procfs access patterns
- Configure alerts for rapid memory consumption increases
- Monitor for applications attempting to access sensitive procfs entries
- Track system stability metrics across fleet devices to identify exploitation attempts
How to Mitigate CVE-2025-58346
Immediate Actions Required
- Apply Samsung firmware updates as soon as they become available for affected processors
- Restrict access to /proc/driver/unifi0/send_addts where possible through SELinux or Android security policies
- Limit installation of untrusted applications that could exploit local vulnerabilities
- Monitor device health and stability for signs of exploitation
Patch Information
Samsung has released security updates addressing this vulnerability. Users and device manufacturers should apply the latest firmware updates for affected Exynos processors. For official patch information and guidance, consult the Samsung Product Security Updates portal and the Samsung CVE-2025-58346 Details page.
Workarounds
- Ensure devices are running the latest available firmware from Samsung
- Implement strict application installation policies to prevent untrusted code execution
- Use device management solutions to enforce security policies on enterprise devices
- Consider restricting procfs access through custom SELinux policies if patches cannot be immediately applied
# Check current firmware version on Android devices with Exynos processors
# Settings > About Phone > Software Information > Baseband Version
# Verify kernel version and build date
adb shell cat /proc/version
# Monitor for suspicious procfs access (requires root)
adb shell dmesg | grep -i "unifi"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
