Samsung Modem Interface Driver prior SMR Oct-2021 Release 1 set_skb_priv out-of-bounds
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, was found in Samsung Modem Interface Driver. Affected by this issue is the function set_skb_priv. Executing a manipulation can lead to out-of-bounds.
This vulnerability is handled as CVE-2021-25487. The attack can be executed remotely. Additionally, an exploit exists.
You should upgrade the affected component.
Details
A vulnerability was found in Samsung Modem Interface Driver (Hardware Driver Software). It has been declared as critical. This vulnerability affects the function set_skb_priv. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was released 10/07/2021. The advisory is shared for download at security.samsungmobile.com. This vulnerability was named CVE-2021-25487 since 01/19/2021. Technical details and also a exploit are known.
It is declared as attacked. This issue was added on 06/29/2023 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 07/20/2023:
Apply updates per vendor instructions or discontinue use of the product if updates are unavailableUpgrading to version SMR Oct-2021 Release 1 eliminates this vulnerability.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.samsung.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.1VulDB Meta Temp Score: 7.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.8
NVD Vector: 🔍
CNA Base Score: 7.3
CNA Vector (Samsung Mobile): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Out-of-boundsCWE: CWE-125 / CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Attacked
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Modem Interface Driver SMR Oct-2021 Release 1
Timeline
01/19/2021 🔍10/07/2021 🔍
10/07/2021 🔍
02/14/2025 🔍
Sources
Vendor: samsung.comAdvisory: security.samsungmobile.com
Status: Confirmed
CVE: CVE-2021-25487 (🔍)
GCVE (CVE): GCVE-0-2021-25487
GCVE (VulDB): GCVE-100-183976
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 10/07/2021 08:49Updated: 02/14/2025 18:04
Changes: 10/07/2021 08:49 (49), 10/10/2021 08:45 (1), 04/29/2024 07:10 (27), 09/28/2024 14:50 (1), 02/14/2025 18:04 (19)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.