7.2

CVE-2021-25371

Warnung

A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SamsungAndroid Version10.0 Updatesmr-feb-2021-r1
   SamsungExynos 2100 Version-
   SamsungExynos 980 Version-
   SamsungExynos 9830 Version-
SamsungAndroid Version10.0 Updatesmr-jan-2021-r1
   SamsungExynos 2100 Version-
   SamsungExynos 980 Version-
   SamsungExynos 9830 Version-
SamsungAndroid Version11.0 Updatesmr-feb-2021-r1
   SamsungExynos 2100 Version-
   SamsungExynos 980 Version-
   SamsungExynos 9830 Version-
SamsungAndroid Version11.0 Updatesmr-jan-2021-r1
   SamsungExynos 2100 Version-
   SamsungExynos 980 Version-
   SamsungExynos 9830 Version-

29.06.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Samsung Mobile Devices Unspecified Vulnerability

Schwachstelle

Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP.

Beschreibung

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.52% 0.848
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
mobile.security@samsung.com 6.1 0.2 5.9
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.