CVE-2025-58345 – This vulnerability in Samsung Exynos Wi-Fi driv... (How to Fix)

Q: What is the severity of CVE-2025-58345?

CVE-2025-58345 has a CVSS score of 5.5 (MEDIUM). This vulnerability in Samsung Exynos Wi-Fi drivers allows attackers to cause kernel memory exhaustion through unbounded memory allocation when writing to /proc/driver/unifi0/ap_certif_11ax_mode. This affects Samsung mobile and wearable devices using the listed Exynos processors, potentially leading to denial of service or system instability.

📋 TL;DR

This vulnerability in Samsung Exynos Wi-Fi drivers allows attackers to cause kernel memory exhaustion through unbounded memory allocation when writing to /proc/driver/unifi0/ap_certif_11ax_mode. This affects Samsung mobile and wearable devices using the listed Exynos processors, potentially leading to denial of service or system instability.

💻 Affected Systems

Products:

Samsung Mobile Processor Exynos 980
Samsung Mobile Processor Exynos 850
Samsung Mobile Processor Exynos 1080
Samsung Mobile Processor Exynos 1280
Samsung Mobile Processor Exynos 1330
Samsung Mobile Processor Exynos 1380
Samsung Mobile Processor Exynos 1480
Samsung Mobile Processor Exynos 1580
Samsung Wearable Processor Exynos W920
Samsung Wearable Processor Exynos W930
Samsung Wearable Processor Exynos W1000

Versions: All versions before security patch addressing CVE-2025-58345

Operating Systems: Android, Wear OS, Tizen

Default Config Vulnerable: ⚠️ Yes

Notes: Devices using these processors in Samsung smartphones, tablets, and wearables are affected. The vulnerability requires access to the /proc filesystem interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or kernel panic requiring hard reboot, potentially causing data loss or corruption.

🟠

Likely Case

Device becomes unresponsive or experiences performance degradation due to memory exhaustion, requiring restart.

🟢

If Mitigated

Limited impact with proper access controls preventing unauthorized write operations to the vulnerable interface.

🌐 Internet-Facing: LOW - Requires local access to the device's filesystem or specific Wi-Fi driver interface.

🏢 Internal Only: MEDIUM - Malicious apps or users with local access could trigger the vulnerability to disrupt device functionality.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires write access to the specific /proc interface, which typically requires elevated privileges or a malicious app with appropriate permissions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Samsung security updates for specific device models and patch levels

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-58345/

Restart Required: Yes

Instructions:

1. Check for security updates in device settings. 2. Apply the latest Samsung security patch for your device model. 3. Reboot the device after installation. 4. Verify the patch level in device information.

🔧 Temporary Workarounds

Restrict /proc access

linux

Limit access to the vulnerable /proc interface using file permissions or SELinux policies

chmod 600 /proc/driver/unifi0/ap_certif_11ax_mode
chown root:root /proc/driver/unifi0/ap_certif_11ax_mode

🧯 If You Can't Patch

Monitor device performance for memory exhaustion symptoms and restart if issues occur
Limit installation of untrusted applications that could potentially exploit this vulnerability

🔍 How to Verify

Check if Vulnerable:

Check if /proc/driver/unifi0/ap_certif_11ax_mode exists and is writable on affected Exynos devices

Check Version:

getprop ro.build.version.security_patch

Verify Fix Applied:

Check device security patch level in Settings > About phone > Software information

📡 Detection & Monitoring

Log Indicators:

Kernel logs showing memory allocation failures or OOM killer activity
System logs showing abnormal /proc access patterns

Network Indicators:

None - this is a local vulnerability

SIEM Query:

source="kernel" AND ("Out of memory" OR "oom_kill" OR "allocation failure") AND process="unifi"

📊 Metadata

CVE ID: CVE-2025-58345

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-770

EPSS Score: 0.02% exploit probability (2.7th percentile)

Published: February 3, 2026

Last Updated: February 9, 2026

🔗 References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/ Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-58345/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-58345, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Exynos 1080 Firmware by Samsung

Exynos 1280 Firmware by Samsung

Exynos 1330 Firmware by Samsung

Exynos 1380 Firmware by Samsung

Exynos 1480 Firmware by Samsung

Exynos 1580 Firmware by Samsung

Exynos 850 Firmware by Samsung

Exynos 980 Firmware by Samsung

Exynos W1000 Firmware by Samsung

Exynos W920 Firmware by Samsung

Exynos W930 Firmware by Samsung