6.4

CVE-2021-25395

Warning

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.

Data is provided by the National Vulnerability Database (NVD)
SamsungAndroid Version8.1 Update-
SamsungAndroid Version9.0 Updatesmr-apr-2021-r1
SamsungAndroid Version9.0 Updatesmr-feb-2021-r1
SamsungAndroid Version9.0 Updatesmr-jan-2021-r1
SamsungAndroid Version9.0 Updatesmr-mar-2021-r1
SamsungAndroid Version10.0 Updatesmr-apr-2021-r1
SamsungAndroid Version10.0 Updatesmr-feb-2021-r1
SamsungAndroid Version10.0 Updatesmr-jan-2021-r1
SamsungAndroid Version11.0 Updatesmr-apr-2021-r1
SamsungAndroid Version11.0 Updatesmr-feb-2021-r1
SamsungAndroid Version11.0 Updatesmr-jan-2021-r1
SamsungAndroid Version11.0 Updatesmr-jul-2021-r1

29.06.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Samsung Mobile Devices Race Condition Vulnerability

Vulnerability

Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.

Description

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.28% 0.506
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.4 0.5 5.9
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
mobile.security@samsung.com 6.4 0.5 5.9
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.