Samsung Exynos Fastboot USB Interface Improper Input Validation Vulnerability Allowing Arbitrary Code Execution in Bootloader

Vulnerability

A vulnerability exists in the Exynos Fastboot USB interface on select devices running Android 11, 12, or 13, prior to the April 2023 Security Maintenance Release (SMR). Because of improper input validation, an attacker with physical access can execute arbitrary code in the bootloader. The issue was privately disclosed and is part of a broader set of vulnerabilities addressed in the April 2023 SMR.

Impact

Exploitation of this vulnerability allows arbitrary code execution in the bootloader, which could be used to compromise the device at a low level, for example by unlocking the bootloader or flashing a custom recovery.

Remediation

Users can update their devices to the April 2023 Security Maintenance Release to address this vulnerability.

Added: Sep 3, 2025, 6:38 AM
Updated: Sep 3, 2025, 6:38 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 0.0
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.