CVE-2025-20892Double Free in Samsung Android

CWE-415Double Free4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 61.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Samsung Android
Timeline
PublishedFeb 4

Description

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 0.7 | Impact: 5.2

Affected Packages1 packages

NVDsamsung/android13.0, 14.0+1

🔴Vulnerability Details

2
GHSA
GHSA-7h9r-3w8w-w72w: Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command2025-02-04
CVEList
CVE-2025-20892: Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command2025-02-04

📋Vendor Advisories

1
Microsoft
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Lin2020-06-09
CVE-2025-20892 — Double Free in Samsung Android | cvebase