Samsung Mobile Processor/Wearable Processor Exynos up to 2200 Wi-Fi Driver ap_certif_11ax_mode memory allocation
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Samsung Mobile Processor and Wearable Processor Exynos up to 2200. It has been rated as problematic. This affects an unknown part of the file /proc/driver/unifi0/ap_certif_11ax_mode of the component Wi-Fi Driver. This manipulation causes memory allocation. This vulnerability is handled as CVE-2025-58345. There is not any exploit available.
Details
A vulnerability classified as problematic was found in Samsung Mobile Processor and Wearable Processor Exynos up to 2200. Affected by this vulnerability is an unknown function of the file /proc/driver/unifi0/ap_certif_11ax_mode of the component Wi-Fi Driver. The manipulation with an unknown input leads to a memory allocation vulnerability. The CWE definition for the vulnerability is CWE-789. The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. As an impact it is known to affect availability. The summary by CVE is:
An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/ap_certif_11ax_mode write operation, leading to kernel memory exhaustion.
It is possible to read the advisory at semiconductor.samsung.com. This vulnerability is known as CVE-2025-58345 since 08/29/2025. Technical details of the vulnerability are known, but there is no available exploit.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.samsung.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.6VulDB Meta Temp Score: 5.6
VulDB Base Score: 5.7
VulDB Temp Score: 5.7
VulDB Vector: 🔒
VulDB Reliability: 🔍
ADP CISA Base Score: 5.5
ADP CISA Vector: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Memory allocationCWE: CWE-789 / CWE-400 / CWE-404
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔒
Timeline
08/29/2025 CVE reserved02/03/2026 Advisory disclosed
02/03/2026 VulDB entry created
02/10/2026 VulDB entry last update
Sources
Vendor: samsung.comAdvisory: semiconductor.samsung.com
Status: Confirmed
CVE: CVE-2025-58345 (🔒)
GCVE (CVE): GCVE-0-2025-58345
GCVE (VulDB): GCVE-100-344071
Entry
Created: 02/03/2026 21:05Updated: 02/10/2026 11:13
Changes: 02/03/2026 21:05 (54), 02/05/2026 12:03 (1), 02/10/2026 11:13 (11)
Complete: 🔍
Cache ID: 216:224:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.