CVE-2021-25372
published 2021-03-26

CVE-2021-25372: An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.

Priority: P276 · medium · 6.7 (CVSS 3.1)
Vector: AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
KEV: CISA Known Exploited Vulnerability, due 2023-07-20
ITW: Exploited in the wild
EPSS: 0.85% (53.6th percentile)

Affected

3 ranges

Vendor | Product | Version range | Fixed in
samsung | android | |
samsung | android | |
samsung_mobile | samsung_mobile_devices | >= Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830 < SMR Mar-2021 Release 1 | SMR Mar-2021 Release 1

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the DSP driver on Samsung Mobile Devices; monitor for anomalous DSP driver interactions or out-of-bounds memory access attempts targeting this component
  • Samsung Mobile Devices running software prior to SMR Mar-2021 Release 1 are vulnerable; verify patch level on managed Samsung devices
  • Vendor advisory and patch details are hosted at Samsung's security update portal; consult directly for affected model/firmware scope

CVSS provenance

nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck | 6.1 | MEDIUM
cisa | 6.7 | MEDIUM