Samsung Exynos Processors Out-of-Bounds Read Vulnerability in NPU Driver

Vulnerability

A medium-severity out-of-bounds read vulnerability has been identified in the NPU driver of Samsung Mobile Processor Exynos, affecting versions through July 2025. The issue arises in the '__is_done_for_me' function, where 'q->bufs[]' is accessed without proper bounds checking.

Impact

Exploitation of this vulnerability leads to an out-of-bounds read, which can potentially be used to read sensitive information or cause a denial-of-service condition.

Added: Nov 4, 2025, 5:24 PM

Updated: Nov 4, 2025, 5:24 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.6

exploitability

4.7

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

0.6

exploitability

4.7

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Samsung Exynos Processors Out-of-Bounds Read Vulnerability in NPU Driver

Vulnerability

Impact

Affected Products

Samsung Exynos 1380

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating