cbcvebase.
CVE-2021-25369
published 2021-03-26

CVE-2021-25369: An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

PriorityP277medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-11-29
Exploited in the wild
EPSS
1.12%
62.1th percentile
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

Affected

5 ranges
VendorProductVersion rangeFixed in
samsungandroid
samsungandroid
samsungandroid
samsungandroid
samsung_mobilesamsung_mobile_devices>= O(8.x), P(9.0), Q(10.0) < SMR Mar-2021 Release 1SMR Mar-2021 Release 1

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2021-25369 is exploited as part of a three-CVE chain; detections should account for concurrent exploitation of CVE-2021-25337 (clipboard service arbitrary file read/write) and CVE-2021-25370 (Mali GPU dpu driver memory corruption/kernel panic)
  • Target environment is Samsung Mobile Devices using Mali GPU; focus monitoring on sec_log file access from userspace processes that should not have kernel-level read access
  • Monitor for untrusted or low-privilege applications accessing the sec_log file, which should be restricted to kernel/privileged contexts only
  • ·Vulnerability is present only on Samsung Mobile Devices using Mali GPU, prior to SMR MAR-2021 Release 1; patched devices are not affected
  • ·Full exploit chain requires all three CVEs (CVE-2021-25337, CVE-2021-25369, CVE-2021-25370) to be present and unpatched on the target device

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
vulncheck4.4MEDIUM
cisa7.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.