⚠ Actively exploited
Added to CISA KEV on 2022-11-08. Federal agencies required to patch by 2022-11-29. Required action: Apply updates per vendor instructions.
CVE-2021-25370 — Use After Free in Mobile Devices
Severity
4.4 MEDIUM (NVD)
CNA 6.1 | CISA 7.1
EPSS
0.5%
top 34.39%
CISA KEV
Added 2022-11-08
Due 2022-11-29
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Mar 26
KEV added: Nov 8
KEV due: Nov 29
CISA Required Action: Apply updates per vendor instructions.
Description
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.8 | Impact: 3.6
Affected Packages (2 packages)
CVEListV5: samsung_mobile/samsung_mobile_devices: Selected O(8.X), P(9.0), Q(10.0), R(11.0) — SMR Mar-2021 Release 1
Vulnerability Details (6)
Project0
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain - Project Zero (2022-11-01)
GHSA
GHSA-hhhg-3qxh-mmh3: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel pani (2022-05-24)
CVEList
CVE-2021-25370: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel pani (2021-03-26)