CVE-2025-26780

Published: Jul 7, 2025Modified: Oct 27, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via a malformed PDCP packet.

Affected (2)

Products: Samsung: Exynos 2400 Firmware, Modem 5400 Firmware

Samsung

2 products

Exynos 2400 Firmware

Modem 5400 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Exynos 2400 Firmware	All versions

Running on/with	Platform Versions
Samsung Exynos 2400	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Modem 5400 Firmware	All versions

Running on/with	Platform Versions
Samsung Modem 5400	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Source: cve@mitre.org

Vendor Advisory

https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-26780/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.