CVE-2021-25467
published 2021-10-06CVE-2021-25467: Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege…
PriorityP428medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.11%
1.4th percentile
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ckolivas | lrzip | >= 0 < 0.631-1+deb9u3build0.18.04.1 | 0.631-1+deb9u3build0.18.04.1 |
| ckolivas | lrzip | >= 0 < 0.631+git180528-1+deb10u1build0.20.04.1 | 0.631+git180528-1+deb10u1build0.20.04.1 |
| ckolivas | lrzip | >= 0 < 0.651-2ubuntu0.22.04.1 | 0.651-2ubuntu0.22.04.1 |
| ckolivas | lrzip | >= 0 < 0.616-1ubuntu0.1~esm2 | 0.616-1ubuntu0.1~esm2 |
| ckolivas | lrzip | >= 0 < 0.621-1ubuntu0.1~esm2 | 0.621-1ubuntu0.1~esm2 |
| android | — | — | |
| samsung_mobile | samsung_mobile_devices | >= R(11.0) devices with Exynos 980, 9830, 2100 chipsets < SMR Oct-2021 Release 1 | SMR Oct-2021 Release 1 |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
lrzip vulnerabilities
osv·2023-02-02·CVSS 5.5
CVE-2020-25467 lrzip vulnerabilities
lrzip vulnerabilities
It was discovered that Long Range ZIP incorrectly handled pointers. If
a user or an automated system were tricked into opening a certain
specially crafted ZIP file, an attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 14.04 ESM,
Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2020-25467)
It was discovered that Long Range ZIP incorrectly handled pointers. If
a user or an automated system were tricked into opening a certain
specially crafted ZIP file, an attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-27345, CVE-2021-27347)
It was discovered that Long Range ZIP incorrectly handled pointers. If
a user or an au
GHSA
GHSA-4wr2-63fw-56rx: Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows p
ghsa_unreviewed·2022-05-24
CVE-2021-25467 [HIGH] CWE-120 GHSA-4wr2-63fw-56rx: Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows p
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-06
Published