CVE-2021-25372
Published 2021-03-26
CVE-2021-25372: An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
Priority P276 · medium · 6.7 (CVSS 3.1)
AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
KEV: CISA Known Exploited Vulnerability, due 2023-07-20
ITW: Exploited in the wild
EPSS: 0.85% (53.6th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | android | — | — |
| samsung | android | — | — |
| samsung_mobile | samsung_mobile_devices | >= Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830 < SMR Mar-2021 Release 1 | SMR Mar-2021 Release 1 |
Detection & IOCs
- Vulnerability resides in the DSP driver on Samsung Mobile Devices; monitor for anomalous DSP driver interactions or out-of-bounds memory access attempts targeting this component
- Samsung Mobile Devices running software prior to SMR Mar-2021 Release 1 are vulnerable; verify patch level on managed Samsung devices
- Vendor advisory and patch details are hosted at Samsung's security update portal; consult directly for affected model/firmware scope
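CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 6.1 | MEDIUM | — |
| cisa | — | 6.7 | MEDIUM | — |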
GHSA
GHSA-qvjg-564f-22c8: An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access
ghsa_unreviewed·2022-05-24
CVE-2021-25372 [HIGH] CWE-703 GHSA-qvjg-564f-22c8: An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access
VulnCheck
Samsung Mobile Devices Improper Boundary Check Vulnerability
vulncheck·2021·CVSS 6.1
CVE-2021-25372 [MEDIUM] CWE-787 Samsung Mobile Devices Improper Boundary Check Vulnerability
Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access.
Affected: Samsung Mobile Devices
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2023-07-20
CISA
Samsung Mobile Devices Improper Boundary Check Vulnerability
cisa·2023-06-29·CVSS 6.7
CVE-2021-25372 [MEDIUM] CWE-787 Samsung Mobile Devices Improper Boundary Check Vulnerability
Vulnerability: Samsung Mobile Devices Improper Boundary Check Vulnerability
Affected: Samsung Mobile Devices
Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access.
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Notes: https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=3; https://nvd.nist.gov/vuln/detail/CVE-2021-25372
Remediation Due Date: 2023-07-20
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- 2021-03-26: Published
- 2023-06-29: Added to CISA KEV
- Exploited in the wild