CVE-2021-25372

Warning

An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.

Affected products Warnungen 1 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Android Version10.0 Updatesmr-feb-2021-r1

   Samsung ≫ Exynos 2100 Version-
   Samsung ≫ Exynos 980 Version-
   Samsung ≫ Exynos 9830 Version-

Samsung ≫ Android Version10.0 Updatesmr-jan-2021-r1

   Samsung ≫ Exynos 2100 Version-
   Samsung ≫ Exynos 980 Version-
   Samsung ≫ Exynos 9830 Version-

Samsung ≫ Android Version11.0 Updatesmr-feb-2021-r1

   Samsung ≫ Exynos 2100 Version-
   Samsung ≫ Exynos 980 Version-
   Samsung ≫ Exynos 9830 Version-

Samsung ≫ Android Version11.0 Updatesmr-jan-2021-r1

   Samsung ≫ Exynos 2100 Version-
   Samsung ≫ Exynos 980 Version-
   Samsung ≫ Exynos 9830 Version-

Samsung Mobile Devices Improper Boundary Check Vulnerability

Vulnerability

Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access.

Description

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.87%	0.823

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
mobile.security@samsung.com	6.1	0.2	5.9	CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Vendor Advisory

Vendor Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD