CVE-2021-25487
Samsung Mobile Devices Out-of-Bounds Read Vulnerability
CVSS
—
No CVSS
EPSS
0.6%
p45
KEV
YES
Jun 29, 2023
Exploit Today
63
0-100
Published: — · Last modified: —
Product
Samsung / Mobile Devices
Vulnerability
Samsung Mobile Devices Out-of-Bounds Read Vulnerability
Added to KEV
Jun 29, 2023
Remediate by
Jul 20, 2023
Known ransomware use
No
Summary description
Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.
Required action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Notes
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10; https://nvd.nist.gov/vuln/detail/CVE-2021-25487