7.2

CVE-2021-25371

Warning

A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.

Data is provided by the National Vulnerability Database (NVD)
SamsungAndroid Version10.0 Updatesmr-feb-2021-r1
   SamsungExynos 2100 Version-
   SamsungExynos 980 Version-
   SamsungExynos 9830 Version-
SamsungAndroid Version10.0 Updatesmr-jan-2021-r1
   SamsungExynos 2100 Version-
   SamsungExynos 980 Version-
   SamsungExynos 9830 Version-
SamsungAndroid Version11.0 Updatesmr-feb-2021-r1
   SamsungExynos 2100 Version-
   SamsungExynos 980 Version-
   SamsungExynos 9830 Version-
SamsungAndroid Version11.0 Updatesmr-jan-2021-r1
   SamsungExynos 2100 Version-
   SamsungExynos 980 Version-
   SamsungExynos 9830 Version-

29.06.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Samsung Mobile Devices Unspecified Vulnerability

Vulnerability

Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP.

Description

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.52% 0.848
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
mobile.security@samsung.com 6.1 0.2 5.9
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.