Samsung Exynos Fastboot USB Interface Improper Input Validation Vulnerability Allowing Arbitrary Code Execution in Bootloader

Vulnerability

A vulnerability exists in the Exynos Fastboot USB interface on select Android 11, 12, and 13 devices, prior to the April 2023 Security Maintenance Release. This vulnerability allows a physical attacker to execute arbitrary code in the bootloader due to improper input validation. The issue was privately disclosed and is part of the Samsung Vulnerabilities and Exposures (SVE) program.

Impact

Exploitation of this vulnerability allows arbitrary code execution in the bootloader, which could be used to compromise the device below the operating system, for example to unlock the bootloader or modify the installed operating system.

Remediation

Users can apply the April 2023 Security Maintenance Release, which includes the necessary patch for this vulnerability.

Added: Sep 3, 2025, 6:28 AM
Updated: Sep 3, 2025, 6:28 AM

Vulnerability Rating

Custom Algorithm
spread          8.4
impact          7.5
exploitability  1.2
remediation     7.7
relevance       0.4
threat          0.0
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.