SB2025110337 - Multiple vulnerabilities in Samsung products
Published: November 3, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 secuirty vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2024-56426)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the USB component. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
2) Use-after-free (CVE-ID: CVE-2025-54335)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Xclipse GPU Driver. A remote attacker can execute arbitrary code on the target system.
3) NULL pointer dereference (CVE-ID: CVE-2025-54334)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within "hdev" in __npu_vertex_bootup() function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
4) Untrusted Pointer Dereference (CVE-ID: CVE-2025-54333)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to invalid pointer dereference of "node" in get_vs4l_profiler_node() function. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2025-54332)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in "profiler.node" in npu_vertex_profileoff() function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
6) Untrusted Pointer Dereference (CVE-ID: CVE-2025-54331)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to untrusted pointer dereference of "src_hdr" in copy_ncp_header() function. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
7) Out-of-bounds read (CVE-ID: CVE-2025-54330)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within "q->bufs[]" in __is_done_for_me(). A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
8) Heap-based buffer overflow (CVE-ID: CVE-2025-54329)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the function used to send multiple payloads message including SMS message. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.
9) Input validation error (CVE-ID: CVE-2025-54327)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the VTS driver. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
10) Race condition (CVE-ID: CVE-2025-54325)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a race condition in the VTS driver. A remote attacker can exploit the race and gain unauthorized access to sensitive information on the system.
11) Information disclosure (CVE-ID: CVE-2025-54323)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper debug printing within Camera. A remote attacker can gain unauthorized access to sensitive information on the system.
12) Use-after-free (CVE-ID: CVE-2025-52910)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mobile processor. A remote attacker can gain elevated privileges on the target system.
13) Race condition (CVE-ID: CVE-2025-52513)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the HTS driver. A remote attacker can exploit the race and cause a denial of service condition on the target system.
14) Race condition (CVE-ID: CVE-2025-52512)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the HTS driver. A remote attacker can exploit the race and cause a denial of service condition on the target system.
15) Input validation error (CVE-ID: CVE-2025-49494)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of 5G NRMM packet. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
16) Out-of-bounds write (CVE-ID: CVE-2025-27374)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the Secure boot component. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2024-56426/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54335/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54334/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54333/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54332/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54331/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54330/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54329/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54327/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54325/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54323/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-52910/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-52513/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-52512/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-49494/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-27374/