CVE-2025-58346 is a kernel-level vulnerability found in the Wi-Fi driver of several Samsung Exynos processors, including models 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, and wearable processors W920, W930, and W1000. The vulnerability arises from an unbounded memory allocation triggered by writing a large buffer to the /proc/driver/unifi0/send_addts interface. This interface is used for managing Wi-Fi traffic streams, specifically adding traffic stream (addts) requests. Due to improper input validation or lack of size constraints, an attacker with local access can write an excessively large buffer, causing the kernel to allocate memory without bounds. This leads to kernel memory exhaustion, which can result in denial of service by crashing the kernel or severely degrading system performance. The vulnerability is local and requires access to the device, but no authentication is needed once access is obtained. There are no known exploits in the wild, and no patches have been published at the time of disclosure. The affected processors are widely used in Samsung mobile phones and wearable devices, making this a significant concern for users and organizations relying on these devices. The vulnerability does not appear to allow privilege escalation or direct data compromise but can disrupt device availability and reliability. The lack of a CVSS score indicates the need for an expert severity assessment based on the impact and exploitability factors.

For European organizations, the primary impact of CVE-2025-58346 is the potential for denial of service on Samsung devices using the affected Exynos processors. This could disrupt mobile communications, device availability, and operational continuity, especially in environments where Samsung smartphones and wearables are integral to business processes or employee communications. Critical sectors such as finance, healthcare, and government could experience operational degradation if devices become unstable or crash due to kernel memory exhaustion. While the vulnerability does not directly compromise data confidentiality or integrity, the loss of device availability can indirectly affect security monitoring, incident response, and secure communications. Organizations with large deployments of Samsung devices may face increased support costs and operational risks until patches are available. Additionally, the vulnerability could be leveraged in targeted attacks where adversaries gain local access, such as through physical device access or via compromised applications that can write to the vulnerable interface.

1. Restrict access to the /proc/driver/unifi0/send_addts interface by enforcing strict permissions and limiting which processes or users can write to it. 2. Monitor device logs and performance metrics for signs of abnormal memory usage or crashes related to the Wi-Fi driver. 3. Implement endpoint protection solutions that can detect and block suspicious local activities attempting to exploit this interface. 4. Educate users and administrators about the risks of granting local access to untrusted applications or users. 5. Maintain an inventory of Samsung devices with affected Exynos processors to prioritize patching once updates become available. 6. Coordinate with Samsung and mobile device management (MDM) vendors to receive timely security updates and deploy patches promptly. 7. Consider temporary network segmentation or usage restrictions for devices that cannot be immediately patched to reduce exposure. 8. Evaluate the possibility of disabling or limiting Wi-Fi functionalities on critical devices if feasible until a patch is applied.