CVE-2025-20901
Description
Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds memory read in Samsung's Blockchain Keystore before 1.3.16.5 lets a local privileged attacker access out-of-bounds memory.
Vulnerability
An out-of-bounds read vulnerability exists in the Blockchain Keystore component on Samsung devices prior to version 1.3.16.5. The flaw resides in the keystore process's handling of memory bounds, allowing a local privileged attacker to read memory outside the intended buffer [1].
Exploitation
To exploit this vulnerability, an attacker requires local access to the device with elevated privileges. No specific sequence of steps is disclosed in the available references, but the condition involves triggering the out-of-bounds read through the Blockchain Keystore API or service [1].
Impact
Successful exploitation allows an attacker with local privileged access to read out-of-bounds memory from the kernel or other processes, potentially leaking sensitive information such as cryptographic keys or data from other applications [1].
Mitigation
The vulnerability is fixed in Blockchain Keystore version 1.3.16.5, released as part of the January 2025 Security Maintenance Release (SMR) for Samsung mobile devices. Users are advised to install the latest firmware update. No workarounds have been published [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: 1.3.16.5
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.