CVE-2021-25487

Warning

EPSS 0.93%
Published 06.10.2021 18:15:09
Last modified 14.02.2025 16:29:53
Source mobile.security@samsung.com
Teams watchlist Login
Open Login

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

Affected products Warnungen 1 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Samsung ≫ Android Version8.1 Update-

Samsung ≫ Android Version9.0 Updatesmr-apr-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-aug-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-feb-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-jan-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-jul-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-jun-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-mar-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-may-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-sep-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-apr-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-aug-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-feb-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-jan-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-jul-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-jun-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-mar-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-may-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-sep-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-apr-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-aug-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-feb-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-jan-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-jul-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-jun-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-mar-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-may-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-sep-2021-r1

29.06.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Samsung Mobile Devices Out-of-Bounds Read Vulnerability

Vulnerability

Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.

Description

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.93%	0.74

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
mobile.security@samsung.com	7.3	2	4.7	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25487

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25487

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25487

EUVD