CVE-2021-25416

EPSS 0.03%
Veröffentlicht 11.06.2021 15:15:10
Zuletzt bearbeitet 21.11.2024 05:54:56
Quelle mobile.security@samsung.com
CVE-Watchlists
Login
Unerledigt
Login

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Android Version10.0

   Samsung ≫ Exynos 9610 Version-
   Samsung ≫ Exynos 9810 Version-
   Samsung ≫ Exynos 9820 Version-
   Samsung ≫ Exynos 9830 Version-

Google ≫ Android Version11.0

   Samsung ≫ Exynos 9610 Version-
   Samsung ≫ Exynos 9810 Version-
   Samsung ≫ Exynos 9820 Version-
   Samsung ≫ Exynos 9830 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.082

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25416

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25416

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25416

EUVD