CVE-2021-25370
published 2021-03-26CVE-2021-25370: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
PriorityP276medium4.4CVSS 3.1
AVLACLPRHUINSUCNINAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-11-29
Exploited in the wild
EPSS
0.89%
54.9th percentile
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | android | — | — |
| samsung | android | — | — |
| samsung | android | — | — |
| samsung | android | — | — |
| samsung | android | — | — |
| samsung_mobile | samsung_mobile_devices | >= Selected O(8.X), P(9.0), Q(10.0), R(11.0) < SMR Mar-2021 Release 1 | SMR Mar-2021 Release 1 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2021-25370 is exploited as part of a chain with CVE-2021-25337 (clipboard service improper access control) and CVE-2021-25369 (sec_log file improper access control on Mali GPU devices); detection should consider all three CVEs together. ↗
- →The vulnerability targets the dpu driver on Samsung mobile devices using Mali GPU, resulting in memory corruption and kernel panic; monitor for unexpected kernel panics on Samsung Mali GPU devices as a potential exploitation indicator. ↗
- →The exploit chain begins with CVE-2021-25337 (clipboard service arbitrary file read/write by untrusted apps) to stage further exploitation; monitor for untrusted applications accessing clipboard service files unexpectedly. ↗
- →CVE-2021-25369 (sec_log file exposure) is used in the chain to leak sensitive kernel information to userspace on Mali GPU devices; monitor for userspace processes reading sec_log. ↗
- ·Vulnerability is specific to Samsung mobile devices using Mali GPU; devices not using Mali GPU or patched beyond SMR Mar-2021 Release 1 are not affected by CVE-2021-25370. ↗
CVSS provenance
nvdv3.14.4MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
vulncheck4.4MEDIUM
cisa7.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Project0
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain - Project Zero
project_zero·2022-11-01·CVSS 4.4
CVE-2019-2215 [MEDIUM] A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain - Project Zero
Posted by Maddie Stone, Project Zero
Note: The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, CVE-2021-25370. To ensure your Samsung device is up-to-date under settings you can check that your device is running SMR Mar-2021 or later.
As defenders, in-the-wild exploit samples give us important insight into what attackers are really doing. We get the “ground truth” data about the vulnerabilities and exploit techniques they’re using, which then informs our further research and guidance to security teams on what could have the biggest impact or return on investment. To do this, we need to know that the vulnerabilities and exploit samples were found in-the-wild. Over the past few years the
GHSA
GHSA-hhhg-3qxh-mmh3: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel pani
ghsa_unreviewed·2022-05-24
CVE-2021-25370 [MEDIUM] CWE-416 GHSA-hhhg-3qxh-mmh3: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel pani
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
VulnCheck
Samsung Mobile Devices Memory Corruption Vulnerability
vulncheck·2021·CVSS 4.4
CVE-2021-25370 [MEDIUM] CWE-416 Samsung Mobile Devices Memory Corruption Vulnerability
Samsung Mobile Devices Memory Corruption Vulnerability
Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.
Affected: Samsung Mobile Devices
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-11-29
VulnCheck
Samsung Mobile Devices Improper Access Control Vulnerability
vulncheck·2021·CVSS 4.4
CVE-2021-25369 [MEDIUM] CWE-200 Samsung Mobile Devices Improper Access Control Vulnerability
Samsung Mobile Devices Improper Access Control Vulnerability
Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.
Affected: Samsung Mobile Devices
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip; http
VulnCheck
Samsung Mobile Devices Improper Access Control Vulnerability
vulncheck·2021·CVSS 4.4
CVE-2021-25337 [MEDIUM] CWE-269 Samsung Mobile Devices Improper Access Control Vulnerability
Samsung Mobile Devices Improper Access Control Vulnerability
Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.
Affected: Samsung Mobile Devices
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-11-29
CISA
Samsung Mobile Devices Improper Access Control Vulnerability
cisa·2022-11-08·CVSS 7.1
CVE-2021-25369 [HIGH] CWE-200 Samsung Mobile Devices Improper Access Control Vulnerability
Vulnerability: Samsung Mobile Devices Improper Access Control Vulnerability
Affected: Samsung Mobile Devices
Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.
Required Action: Apply updates per vendor instructions.
Notes: https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25369
Remediation Due Date: 2022-11-29
CISA
Samsung Mobile Devices Improper Access Control Vulnerability
cisa·2022-11-08·CVSS 7.1
CVE-2021-25337 [HIGH] CWE-269 Samsung Mobile Devices Improper Access Control Vulnerability
Vulnerability: Samsung Mobile Devices Improper Access Control Vulnerability
Affected: Samsung Mobile Devices
Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.
Required Action: Apply updates per vendor instructions.
Notes: https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25337
Remediation Due Date: 2022-11-29
CISA
Samsung Mobile Devices Memory Corruption Vulnerability
cisa·2022-11-08·CVSS 7.1
CVE-2021-25370 [HIGH] CWE-416 Samsung Mobile Devices Memory Corruption Vulnerability
Vulnerability: Samsung Mobile Devices Memory Corruption Vulnerability
Affected: Samsung Mobile Devices
Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.
Required Action: Apply updates per vendor instructions.
Notes: https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25370
Remediation Due Date: 2022-11-29
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-03-26
Published
2022-11-08
Added to CISA KEV
Exploited in the wild