cbcvebase.
CVE-2021-25467
published 2021-10-06

CVE-2021-25467: Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege…

PriorityP428medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.11%
1.4th percentile
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.

Affected

7 ranges
VendorProductVersion rangeFixed in
ckolivaslrzip>= 0 < 0.631-1+deb9u3build0.18.04.10.631-1+deb9u3build0.18.04.1
ckolivaslrzip>= 0 < 0.631+git180528-1+deb10u1build0.20.04.10.631+git180528-1+deb10u1build0.20.04.1
ckolivaslrzip>= 0 < 0.651-2ubuntu0.22.04.10.651-2ubuntu0.22.04.1
ckolivaslrzip>= 0 < 0.616-1ubuntu0.1~esm20.616-1ubuntu0.1~esm2
ckolivaslrzip>= 0 < 0.621-1ubuntu0.1~esm20.621-1ubuntu0.1~esm2
googleandroid
samsung_mobilesamsung_mobile_devices>= R(11.0) devices with Exynos 980, 9830, 2100 chipsets < SMR Oct-2021 Release 1SMR Oct-2021 Release 1

CVSS provenance

nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.