The vulnerability is a pre-authentication out-of-bounds write in the decompression routine of the Odin/LOKE download-mode image in the bootloader of Snapdragon SM8250-based Samsung Galaxy devices (Note20 SM-N986U, S20/+/Ultra SM-G98xU, Z Fold2 SM-F916U, Z Flip 5G SM-F707U). An attacker-controlled copy length exceeds the decompression staging buffer before signature verification, corrupting live UEFI memory, specifically the Graphics Output Protocol. This corruption causes the device to reboot out of Download Mode with a visible error message. The flaw results in a recoverable denial of service without code execution or persistent storage modification. It affects US Snapdragon SKUs on their final firmware, all end-of-life, and has been fixed in supported devices. Exynos variants are unaffected due to different bootloader implementations.

The vulnerability allows an unauthenticated attacker to cause a denial of service by triggering an out-of-bounds write in the bootloader decompression process. This leads to corruption of UEFI memory and forces the device to reboot out of Download Mode. There is no code execution or permanent data corruption, and the DoS is recoverable. The impact is limited to device availability during the attack window and requires physical or logical access to Download Mode.

The vulnerability has been patched in supported Samsung devices including the S20 FE and all S21 through S25 models. End-of-life affected devices (US Snapdragon SKUs) remain vulnerable on their final firmware. Users should update to supported patched firmware if possible. Since this is a bootloader-level issue affecting end-of-life devices, no official fix is available for those models. Avoid placing vulnerable devices in Download Mode when untrusted parties have access. No further mitigation is indicated by the vendor research.