CVE-2021-25487
published 2021-10-06CVE-2021-25487: Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary…
PriorityP277high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2023-07-20
Exploited in the wild
EPSS
0.62%
45.2th percentile
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | android | — | — |
| samsung | android | — | — |
| samsung | android | — | — |
| samsung | android | — | — |
| samsung_mobile | samsung_mobile_devices | >= O(8.1), P(9.0), Q(10.0), R(11.0) < SMR Oct-2021 Release 1 | SMR Oct-2021 Release 1 |
Detection & IOCsextracted from sources · hover to see the quote
- →Target function for vulnerability is set_skb_priv() in the Samsung modem interface driver; monitor for exploitation attempts triggering OOB read in this function leading to invalid function pointer dereference ↗
- →Exploitation results in arbitrary code execution via dereference of an invalid function pointer — look for kernel-level crashes or unexpected code execution originating from the modem interface driver on Samsung mobile devices ↗
- ·Vulnerability affects Samsung Mobile Devices prior to SMR Oct-2021 Release 1; devices patched at or after this release are not vulnerable ↗
- ·Vendor advisory and patch details are available at the Samsung Mobile Security update page for October 2021 ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.3HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Samsung Mobile Devices Out-of-Bounds Read Vulnerability
cisa·2023-06-29·CVSS 7.8
CVE-2021-25487 [HIGH] CWE-125 Samsung Mobile Devices Out-of-Bounds Read Vulnerability
Vulnerability: Samsung Mobile Devices Out-of-Bounds Read Vulnerability
Affected: Samsung Mobile Devices
Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Notes: https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10; https://nvd.nist.gov/vuln/detail/CVE-2021-25487
Remediation Due Date: 2023-07-20
GHSA
GHSA-4fpw-j345-q48r: Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in ar
ghsa_unreviewed·2022-05-24
CVE-2021-25487 [HIGH] CWE-125 GHSA-4fpw-j345-q48r: Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in ar
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
VulnCheck
Samsung Mobile Devices Out-of-Bounds Read Vulnerability
vulncheck·2021·CVSS 7.3
CVE-2021-25487 [HIGH] CWE-125 Samsung Mobile Devices Out-of-Bounds Read Vulnerability
Samsung Mobile Devices Out-of-Bounds Read Vulnerability
Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.
Affected: Samsung Mobile Devices
Required Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2023-07-20
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-06
Published
2023-06-29
Added to CISA KEV
Exploited in the wild