CVE-2021-25489

Warnung

EPSS 0.29%
Veröffentlicht 06.10.2021 18:15:09
Zuletzt bearbeitet 14.02.2025 16:28:02
Quelle mobile.security@samsung.com
Teams Watchlist Login
Unerledigt Login

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samsung ≫ Android Version8.1 Update-

Samsung ≫ Android Version9.0 Updatesmr-apr-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-aug-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-feb-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-jan-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-jul-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-jun-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-mar-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-may-2021-r1

Samsung ≫ Android Version9.0 Updatesmr-sep-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-apr-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-aug-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-feb-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-jan-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-jul-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-jun-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-mar-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-may-2021-r1

Samsung ≫ Android Version10.0 Updatesmr-sep-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-apr-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-aug-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-feb-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-jan-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-jul-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-jun-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-mar-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-may-2021-r1

Samsung ≫ Android Version11.0 Updatesmr-sep-2021-r1

29.06.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Samsung Mobile Devices Improper Input Validation Vulnerability

Schwachstelle

Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.

Beschreibung

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.495

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C
mobile.security@samsung.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-25489

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25489

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25489

EUVD