CVE-2021-25477
Published 2021-10-06
CVE-2021-25477: An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.
Priority: P4 19 · medium · 4.9 · CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.48% (38.0th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| samsung_mobile | samsung_mobile_devices | >= P(9.0), Q(10.0), R(11.0) < SMR Oct-2021 Release 1 | SMR Oct-2021 Release 1 |
CVSS provenance
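| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |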
GHSA
GHSA-r436-49p3-g4hr: An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service
ghsa_unreviewed·2022-05-24
CVE-2021-25477 [MEDIUM] CWE-415 GHSA-r436-49p3-g4hr: An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service
OSV
CVE-2021-25477: In Modem LTE RRC, there is a possible memory corruption due to a double free
osv·2022-04-01
In Modem LTE RRC, there is a possible memory corruption due to a double free. This could lead to remote denial of service when decoding an incorrect ASN.1 data with no additional execution privileges needed. User interaction is not needed for exploitation.
Android
CVE-2021-25477: Modem LTE RRC
vendor_android·2022-04-01·CVSS 4.4
CVE-2021-25477 [MEDIUM] CVE-2021-25477: Modem LTE RRC
Android Security Bulletin 2022-04-01
CVE: CVE-2021-25477
Severity: HIGH
Component: Modem LTE RRC
References: A-220262213, M-MOLY00684727*
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-10-06