6.4

CVE-2021-25395

Warnung
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SamsungAndroid Version8.1 Update-
SamsungAndroid Version9.0 Updatesmr-apr-2021-r1
SamsungAndroid Version9.0 Updatesmr-feb-2021-r1
SamsungAndroid Version9.0 Updatesmr-jan-2021-r1
SamsungAndroid Version9.0 Updatesmr-mar-2021-r1
SamsungAndroid Version10.0 Updatesmr-apr-2021-r1
SamsungAndroid Version10.0 Updatesmr-feb-2021-r1
SamsungAndroid Version10.0 Updatesmr-jan-2021-r1
SamsungAndroid Version11.0 Updatesmr-apr-2021-r1
SamsungAndroid Version11.0 Updatesmr-feb-2021-r1
SamsungAndroid Version11.0 Updatesmr-jan-2021-r1
SamsungAndroid Version11.0 Updatesmr-jul-2021-r1

29.06.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Samsung Mobile Devices Race Condition Vulnerability

Schwachstelle

Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.

Beschreibung

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.389
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 0.5 5.9
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
mobile.security@samsung.com 6.4 0.5 5.9
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.