5.5
CVE-2021-25489
- EPSS 0.29%
- Published 06.10.2021 18:15:09
- Last modified 14.02.2025 16:28:02
- Source mobile.security@samsung.com
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
Data is provided by the National Vulnerability Database (NVD)
29.06.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Samsung Mobile Devices Improper Input Validation Vulnerability
Description: Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.
Required actions: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.29% | 0.495 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 4.9 | 3.9 | 6.9 | AV:L/AC:L/Au:N/C:N/I:N/A:C |
mobile.security@samsung.com | 3.3 | 1.8 | 1.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |

CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.