Samsung Exynos RLC AM Denial of Service (CVE-2025-26782): Brief Summary and Technical Review

A brief summary and technical review of CVE-2025-26782, a denial of service vulnerability in the RLC AM protocol implementation of Samsung Exynos mobile, wearable, and modem processors. This post covers affected products, technical root cause, and relevant references.

ZeroPath CVE Analysis

2025-10-20

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

Introduction

A single malformed wireless packet can instantly disable mobile connectivity on millions of Samsung Galaxy smartphones and wearables. CVE-2025-26782 exposes a critical flaw in the radio protocol stack of Exynos processors, allowing attackers within radio range to trigger a denial of service condition without user interaction. This vulnerability impacts a broad range of Samsung devices, including flagship phones, midrange models, and smartwatches, with significant implications for device reliability and operational security.

About Samsung Exynos and the Involved Technology

Samsung is one of the world's largest semiconductor manufacturers, powering hundreds of millions of devices globally with its Exynos line of system-on-chips. These processors are used in smartphones, wearables, and standalone modems. The Exynos platform is a cornerstone of Samsung's mobile device strategy, particularly in Europe, Asia, and emerging markets.

Technical Information

CVE-2025-26782 is a denial of service vulnerability in the Layer 2 (L2) Radio Link Control (RLC) Acknowledged Mode (AM) protocol implementation of Samsung Exynos baseband firmware. The flaw arises from incorrect handling of RLC AM Protocol Data Units (PDUs) during wireless packet processing. The RLC layer sits below the encryption and authentication layers in the LTE and 5G protocol stack, meaning that malformed packets can reach the vulnerable code path before any cryptographic validation occurs.

Key technical details:

  • The vulnerability is triggered by specially crafted RLC AM PDUs sent over the air.
  • Attackers do not require authentication or prior access to the device.
  • Exploitation leads to uncontrolled resource consumption (CWE-400), causing the modem to crash or hang, resulting in loss of cellular connectivity.
  • The device remains offline until rebooted or reset.
  • The issue was discovered and analyzed using the LLFuzz framework by researchers at KAIST SysSec Lab.

No public code snippets or protocol field breakdowns are available. The root cause is insufficient validation or incorrect state handling in the RLC AM PDU processing logic.
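
Because RLC input arrives before any cryptographic check, every length and count in the header has to be validated against the received buffer. The parser below is an added example of that kind of validation: it is not Samsung's firmware and does not reproduce the CVE-2025-26782 trigger, whose details are unpublished. It assumes the LTE AMD PDU layout from 3GPP TS 36.322 with a 10-bit SN; `amd_parse`, the error codes, `RLC_MAX_LI` and the sample PDUs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Field layout: LTE RLC AMD PDU header, 10-bit SN and 11-bit LI (3GPP TS 36.322). */
enum { RLC_OK = 0, RLC_SHORT = -1, RLC_CONTROL = -2, RLC_LI_ZERO = -3,
       RLC_LI_COUNT = -4, RLC_LI_OVERRUN = -5 };
#define RLC_MAX_LI 32   /* assumed per-PDU cap on length indicators, not a spec value */
struct amd_hdr {
    uint8_t  rf, p, fi, lsf;
    uint16_t sn, so, li[RLC_MAX_LI];
    size_t   n_li, hdr_len, data_len;
};
/* Constructed samples: LIs 1 and 2 with 4 data bytes; LI 1500 with only 2 data bytes. */
static const uint8_t PDU_GOOD[]    = {0x84, 0x07, 0x80, 0x10, 0x02, 0xAA, 0xBB, 0xCC, 0xDD};
static const uint8_t PDU_OVERRUN[] = {0x84, 0x07, 0x5D, 0xC0, 0xAA, 0xBB};
int amd_parse(const uint8_t *b, size_t len, struct amd_hdr *h) {
    if (len < 2) return RLC_SHORT;
    if (!(b[0] & 0x80)) return RLC_CONTROL;       /* D/C=0: control PDU, not parsed here */
    h->rf = (b[0] >> 6) & 1;  h->p = (b[0] >> 5) & 1;  h->fi = (b[0] >> 3) & 3;
    unsigned e = (b[0] >> 2) & 1;
    h->sn = (uint16_t)((b[0] & 3) << 8 | b[1]);
    h->lsf = 0;  h->so = 0;  h->n_li = 0;
    size_t bit = 16, li_sum = 0;                  /* bit offset of the next header field */
    if (h->rf) {                                  /* AMD PDU segment: LSF(1) + SO(15) */
        if (len < 4) return RLC_SHORT;
        h->lsf = b[2] >> 7;  h->so = (uint16_t)((b[2] & 0x7f) << 8 | b[3]);  bit = 32;
    }
    while (e) {                                   /* extension entries: E(1) + LI(11) */
        if (h->n_li == RLC_MAX_LI) return RLC_LI_COUNT;   /* bound the loop */
        if (bit + 12 > len * 8) return RLC_SHORT;         /* never read past the buffer */
        size_t i = bit / 8;                       /* offset is byte- or nibble-aligned */
        unsigned v = (bit % 8 == 0) ? (unsigned)(b[i] << 4 | b[i + 1] >> 4)
                                    : (unsigned)((b[i] & 0x0f) << 8 | b[i + 1]);
        e = v >> 11;
        if ((v & 0x7ff) == 0) return RLC_LI_ZERO;         /* LI value 0 is reserved */
        h->li[h->n_li++] = (uint16_t)(v & 0x7ff);
        li_sum += v & 0x7ff;  bit += 12;
    }
    h->hdr_len = (bit + 7) / 8;                   /* odd LI count leaves 4 padding bits */
    if (h->hdr_len >= len) return RLC_SHORT;      /* header with no data field */
    h->data_len = len - h->hdr_len;
    if (li_sum >= h->data_len) return RLC_LI_OVERRUN;     /* last element needs >= 1 byte */
    return RLC_OK;
}

int main(void) {                                  /* exits 0 if both samples classify as expected */
    struct amd_hdr h;
    return !(amd_parse(PDU_GOOD, sizeof PDU_GOOD, &h) == RLC_OK &&
             amd_parse(PDU_OVERRUN, sizeof PDU_OVERRUN, &h) == RLC_LI_OVERRUN);
}
```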

Affected Systems and Versions

The following Samsung Exynos processors and modems are affected:

  • Exynos 9820
  • Exynos 9825
  • Exynos 980
  • Exynos 990
  • Exynos 850
  • Exynos 1080
  • Exynos 2100
  • Exynos 1280
  • Exynos 2200
  • Exynos 1330
  • Exynos 1380
  • Exynos 1480
  • Exynos 9110
  • Exynos W920
  • Exynos W930
  • Exynos Modem 5123
  • Exynos Modem 5300

These chipsets are used in a wide range of Samsung Galaxy S, A, M series smartphones, Galaxy Watch models, and other connected devices. Exact device models and version ranges can be cross-referenced via Samsung's official advisory and device model lists.

Vendor Security History

Samsung has a documented history of baseband and protocol stack vulnerabilities, including:

  • Multiple critical Exynos modem vulnerabilities disclosed by Google Project Zero in 2023 (Project Zero blog)
  • Buffer overflow and protocol parsing flaws in RLC and related layers, reported by academic and independent researchers
  • Patch response times vary, with flagship devices typically patched more quickly than midrange or carrier-locked models
  • Samsung maintains a public security update portal and coordinates with external researchers
