CVE-2021-25369
Samsung Mobile Devices Improper Access Control Vulnerability
CVSS
—
No CVSS
EPSS
1.1%
p63
KEV
YES
Nov 8, 2022
Exploit Today
69
0-100
Published: — · Last modified: —
Product
Samsung / Mobile Devices
Vulnerability
Samsung Mobile Devices Improper Access Control Vulnerability
Added to KEV
Nov 8, 2022
Remediate by
Nov 29, 2022
Known ransomware use
No
Summary description
Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.
Required action
Apply updates per vendor instructions.
Notes
https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25369