⚠ Actively exploited
Added to CISA KEV on 2023-06-29. Federal agencies required to patch by 2023-07-20. Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
CVE-2021-25372 — Out-of-bounds Write in Mobile Devices
Severity
6.7MEDIUMNVD
CNA6.1VulnCheck6.1
EPSS
1.8%
top 17.38%
CISA KEV
KEV
Added 2023-06-29
Due 2023-07-20
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMar 26
KEV addedJun 29
KEV dueJul 20
CISA Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Description
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9
Affected Packages2 packages
▶CVEListV5samsung_mobile/samsung_mobile_devicesQ(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830 — SMR Mar-2021 Release 1