SB2025110337 - Multiple vulnerabilities in Samsung products
Published: November 3, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 16 vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2024-56426)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the USB component. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
2) Use-after-free (CVE-ID: CVE-2025-54335)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Xclipse GPU Driver. A remote attacker can execute arbitrary code on the target system.
3) NULL pointer dereference (CVE-ID: CVE-2025-54334)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within "hdev" in __npu_vertex_bootup() function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
4) Untrusted Pointer Dereference (CVE-ID: CVE-2025-54333)
CWE-ID: CWE-822 - Untrusted Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to invalid pointer dereference of "node" in get_vs4l_profiler_node() function. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2025-54332)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in "profiler.node" in npu_vertex_profileoff() function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
6) Untrusted Pointer Dereference (CVE-ID: CVE-2025-54331)
CWE-ID: CWE-822 - Untrusted Pointer Dereference
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to untrusted pointer dereference of "src_hdr" in copy_ncp_header() function. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
7) Out-of-bounds read (CVE-ID: CVE-2025-54330)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within "q->bufs[]" in __is_done_for_me(). A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
8) Heap-based buffer overflow (CVE-ID: CVE-2025-54329)
CWE-ID: CWE-122 - Heap-based Buffer Overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the function used to send multiple payloads message including SMS message. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.
9) Input validation error (CVE-ID: CVE-2025-54327)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input in the VTS driver. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the system.
10) Race condition (CVE-ID: CVE-2025-54325)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a race condition in the VTS driver. A remote attacker can exploit the race and gain unauthorized access to sensitive information on the system.
11) Information disclosure (CVE-ID: CVE-2025-54323)
CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper debug printing within Camera. A remote attacker can gain unauthorized access to sensitive information on the system.
12) Use-after-free (CVE-ID: CVE-2025-52910)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mobile processor. A remote attacker can gain elevated privileges on the target system.
13) Race condition (CVE-ID: CVE-2025-52513)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the HTS driver. A remote attacker can exploit the race and cause a denial of service condition on the target system.
14) Race condition (CVE-ID: CVE-2025-52512)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in the HTS driver. A remote attacker can exploit the race and cause a denial of service condition on the target system.
15) Input validation error (CVE-ID: CVE-2025-49494)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of 5G NRMM packet. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
16) Out-of-bounds write (CVE-ID: CVE-2025-27374)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the Secure boot component. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2024-56426/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54335/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54334/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54333/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54332/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54331/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54330/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54329/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54327/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54325/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-54323/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-52910/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-52513/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-52512/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-49494/
- https://semiconductor.samsung.com/content/semiconductor/global/support/quality-support/product-security-updates/cve-2025-27374/