cbcvebase.
CVE-2021-25370
published 2021-03-26

CVE-2021-25370: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

PriorityP276medium4.4CVSS 3.1
AVLACLPRHUINSUCNINAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-11-29
Exploited in the wild
EPSS
0.89%
54.9th percentile
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

Affected

6 ranges
VendorProductVersion rangeFixed in
samsungandroid
samsungandroid
samsungandroid
samsungandroid
samsungandroid
samsung_mobilesamsung_mobile_devices>= Selected O(8.X), P(9.0), Q(10.0), R(11.0) < SMR Mar-2021 Release 1SMR Mar-2021 Release 1

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2021-25370 is exploited as part of a chain with CVE-2021-25337 (clipboard service improper access control) and CVE-2021-25369 (sec_log file improper access control on Mali GPU devices); detection should consider all three CVEs together.
  • The vulnerability targets the dpu driver on Samsung mobile devices using Mali GPU, resulting in memory corruption and kernel panic; monitor for unexpected kernel panics on Samsung Mali GPU devices as a potential exploitation indicator.
  • The exploit chain begins with CVE-2021-25337 (clipboard service arbitrary file read/write by untrusted apps) to stage further exploitation; monitor for untrusted applications accessing clipboard service files unexpectedly.
  • CVE-2021-25369 (sec_log file exposure) is used in the chain to leak sensitive kernel information to userspace on Mali GPU devices; monitor for userspace processes reading sec_log.
  • ·Vulnerability is specific to Samsung mobile devices using Mali GPU; devices not using Mali GPU or patched beyond SMR Mar-2021 Release 1 are not affected by CVE-2021-25370.

CVSS provenance

nvdv3.14.4MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
vulncheck4.4MEDIUM
cisa7.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.