SB2025060217 - Multiple vulnerabilities in Samsung products
Published: June 2, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Double free (CVE-ID: CVE-2025-23095)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error in the mobile processor. A remote attacker can trigger double free error and gain elevated privileges on the target system.
2) Out-of-bounds write (CVE-ID: CVE-2025-23107)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
3) Use-after-free (CVE-ID: CVE-2025-23106)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mobile processor. A remote attacker can gain elevated privileges on the target system.
4) Use-after-free (CVE-ID: CVE-2025-23105)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mobile processor. A remote attacker can gain elevated privileges on the target system.
5) Use-after-free (CVE-ID: CVE-2025-23104)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mobile processor. A remote attacker can gain elevated privileges on the target system.
6) Out-of-bounds write (CVE-ID: CVE-2025-23103)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
7) Double free (CVE-ID: CVE-2025-23102)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error in the mobile processor. A remote attacker can trigger double free error and gain elevated privileges on the target system.
8) Use-after-free (CVE-ID: CVE-2025-23101)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mobile processor. A remote attacker can gain elevated privileges on the target system.
9) NULL pointer dereference (CVE-ID: CVE-2025-23100)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
10) Out-of-bounds write (CVE-ID: CVE-2025-23099)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
11) Use-after-free (CVE-ID: CVE-2025-23098)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mobile processor. A remote attacker can gain elevated privileges on the target system.
12) Out-of-bounds write (CVE-ID: CVE-2025-23097)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
13) Double free (CVE-ID: CVE-2025-23096)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error in the mobile processor. A remote attacker can trigger double free error and gain elevated privileges on the target system.
Remediation
Install update from vendor's website.
References
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23095/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23107/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23106/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23105/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23104/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23103/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23102/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23101/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23100/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23099/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23098/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23097/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-23096/