cbcvebase.
CVE-2021-25487
published 2021-10-06

CVE-2021-25487: Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary…

PriorityP277high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2023-07-20
Exploited in the wild
EPSS
0.62%
45.2th percentile
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

Affected

5 ranges
VendorProductVersion rangeFixed in
samsungandroid
samsungandroid
samsungandroid
samsungandroid
samsung_mobilesamsung_mobile_devices>= O(8.1), P(9.0), Q(10.0), R(11.0) < SMR Oct-2021 Release 1SMR Oct-2021 Release 1

Detection & IOCsextracted from sources · hover to see the quote

  • Target function for vulnerability is set_skb_priv() in the Samsung modem interface driver; monitor for exploitation attempts triggering OOB read in this function leading to invalid function pointer dereference
  • Exploitation results in arbitrary code execution via dereference of an invalid function pointer — look for kernel-level crashes or unexpected code execution originating from the modem interface driver on Samsung mobile devices
  • ·Vulnerability affects Samsung Mobile Devices prior to SMR Oct-2021 Release 1; devices patched at or after this release are not vulnerable
  • ·Vendor advisory and patch details are available at the Samsung Mobile Security update page for October 2021

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.3HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.