cbcvebase.
CVE-2021-25337
published 2021-03-04

CVE-2021-25337: Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain…

PriorityP179high7.1CVSS 3.1
AVLACLPRNUIRSUCHIHAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-11-29
Exploited in the wild
EPSS
2.83%
84.9th percentile
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

Affected

4 ranges
VendorProductVersion rangeFixed in
samsungandroid
samsungandroid
samsungandroid
samsung_mobilesamsung_mobile_devices>= Selected P(9.0), Q(10.0), R(11.0) < SMR Mar-2021 Release 1SMR Mar-2021 Release 1

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2021-25337 is exploited as part of a chain with CVE-2021-25369 and CVE-2021-25370; detection should look for concurrent or sequential exploitation of all three vulnerabilities on Samsung mobile devices using Mali GPU.
  • The vulnerability allows untrusted (third-party) applications to read or write arbitrary files via the clipboard service; monitor for unusual file access patterns originating from unprivileged/untrusted apps interacting with the clipboard service.
  • CVE-2021-25369 (chained with this CVE) exposes sensitive kernel information via the sec_log file to userspace; monitor for untrusted application access to sec_log.
  • CVE-2021-25370 (chained with this CVE) causes memory corruption and kernel panic via incorrect file descriptor handling in the dpu driver on Mali GPU devices; kernel panic or crash logs on Samsung Mali GPU devices may indicate exploitation.
  • ·Vulnerability affects Samsung mobile devices prior to SMR Mar-2021 Release 1; devices patched at or after this release are not affected.
  • ·The full exploit chain (CVE-2021-25337 + CVE-2021-25369 + CVE-2021-25370) specifically targets Samsung mobile devices using Mali GPU; non-Mali GPU Samsung devices may only be partially affected.

CVSS provenance

nvdv3.17.1HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
nvdv2.05.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
vulncheck4.4MEDIUM
cisa7.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.