Login Sign Up

CVE-2025-54326

7.5 HIGH

📋 TL;DR

A NULL pointer dereference vulnerability in Samsung Exynos 1280 and 2200 camera drivers allows attackers to cause denial of service by triggering a crash. This affects Samsung mobile devices using these processors. The vulnerability requires local access to exploit.

💻 Affected Systems

Products:
  • Samsung mobile devices with Exynos 1280 processor
  • Samsung mobile devices with Exynos 2200 processor
Versions: All versions before vendor patch
Operating Systems: Android with Samsung kernel modifications
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with the specific Exynos processors; requires camera hardware to be present and enabled.

📦 What is this software?

Exynos 1280 Firmware by Samsung

View all CVEs affecting Exynos 1280 Firmware →

Exynos 2200 Firmware by Samsung

View all CVEs affecting Exynos 2200 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent device bricking requiring hardware replacement if the camera subsystem becomes permanently unstable.

🟠

Likely Case

Temporary device crash/reboot when camera functionality is accessed, disrupting device availability.

🟢

If Mitigated

No impact if patched or if camera hardware is disabled/not used.

🌐 Internet-Facing: LOW - Requires local access to device hardware/drivers, not remotely exploitable.
🏢 Internal Only: MEDIUM - Malicious apps or users with physical access could trigger the crash.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires kernel-level access or malicious app with camera permissions; not trivial but feasible for determined attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vendor-specific firmware updates (check Samsung security updates)

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54326/

Restart Required: Yes

Instructions:

1. Check for Samsung device security updates in Settings > Software update. 2. Install available updates. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable camera hardware

android

Prevent camera driver initialization by disabling camera hardware/permissions

adb shell pm disable com.sec.android.app.camera
adb shell pm revoke [package] android.permission.CAMERA

🧯 If You Can't Patch

  • Restrict camera permissions to trusted apps only
  • Monitor for unexpected device crashes/reboots indicating potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check device processor model in Settings > About phone > Hardware info, and verify if security patch level is before vendor fix date.

Check Version:

adb shell getprop ro.boot.hardware

Verify Fix Applied:

Confirm security patch date is after vendor advisory publication and test camera functionality for stability.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning camera driver
  • Unexpected device reboots with camera-related errors

Network Indicators:

  • None - local hardware vulnerability

SIEM Query:

Device logs showing 'NULL pointer dereference' or 'kernel panic' in camera driver context

📊 Metadata

CVE ID: CVE-2025-54326
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-476
EPSS Score: 0.07% exploit probability (20.2th percentile)
Published: December 3, 2025
Last Updated: December 5, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-54326, you might also want to check these:

CVE-2022-36648 10.0

This CVE describes a vulnerability in QEMU's hardware emulation where a malformed program executed i...

Same vulnerability type (CWE-476)
CVE-2022-30592 9.8

This vulnerability in LiteSpeed QUIC (LSQUIC) before version 3.1.0 involves improper handling of MAX...

Same vulnerability type (CWE-476)
CVE-2023-47003 9.8

A NULL pointer dereference vulnerability in RedisGraph allows attackers to execute arbitrary code or...

Same vulnerability type (CWE-476)