CVE-2021-25490
Published 2021-10-06
CVE-2021-25490: A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.
Priority P4 · 27 · medium · 6 · CVSS 3.1
AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:N
EPSS: 0.75% (50.4th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| samsung_mobile | samsung_mobile_devices | >= P(9.0), Q(10.0), R(11.0) < SMR Oct-2021 Release 1 | SMR Oct-2021 Release 1 |
CVSS provenance
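| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |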
No detection rules found.
No public exploits indexed.
Trailofbits
Themes from Real World Crypto 2022
blogs_trailofbits·2022-05-03
Themes from Real World Crypto 2022
Last week, over 500 cryptographers from around the world gathered in Amsterdam for Real World Crypto 2022, meeting in person for the first time in over two years.
As in previous years, we dispatched a handful of our researchers and engineers to attend the conference, listen to talks, and ~~schmooze~~ observe the themes currently dominating the nexus between cryptographic research and practical (real world!) engineering.
Here are the major themes we gleaned from Real World Crypto 2022:
1. Trusted hardware isn’t so trustworthy: Implementers of trusted hardware (whether trusted execution environments (TEEs), HSMs, or secure enclaves) continue to make engineering mistakes that fundamentally violate the integrity promises made by the hardware.
2. Security tooling is still too difficult to use: O
./configure && make && make install
Side channels e
Checkpoint
7th March – Threat Intelligence Report
blogs_checkpoint·2022-03-07
CVE-2021-25444 7th March – Threat Intelligence Report
## 7th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 7th March, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Check Point Research reports on cyber criminals’ and hacktivists’ increased activity leveraging Telegram amid the Russia-Ukraine war. Anti-Russian cyber-attack groups have been growing, while others claiming to fundraise for Ukraine are suspected to be fraudulent.
Ukraine “IT army” consisting of cyber-operatives and volunteers
2021-10-06
Published