Samsung Mobile Devices vulnerabilities

CVE-2021-25479 [HIGH] CWE-122 CVE-2021-25479: A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Relea A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

CVE-2021-25480 [HIGH] CWE-294 CVE-2021-25480: A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem pr A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.

CVE-2021-25485 [HIGH] CWE-20 CVE-2021-25485: Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attac Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.

CVE-2021-25487 [HIGH] CWE-125 CVE-2021-25487: Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2 Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

CVE-2021-25473 [MEDIUM] CWE-755 CVE-2021-25473: Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadi Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

CVE-2021-25476 [MEDIUM] CWE-1295 CVE-2021-25476: An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows at An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

CVE-2021-25489 [MEDIUM] CWE-20 CVE-2021-25489: Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.

CVE-2021-25468 [MEDIUM] CWE-20 CVE-2021-25468: A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.

CVE-2021-25488 [MEDIUM] CWE-125 CVE-2021-25488: Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.

CVE-2021-25483 [MEDIUM] CWE-125 CVE-2021-25483: Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 all Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.

CVE-2021-25474 [MEDIUM] CWE-755 CVE-2021-25474: Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspan Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

CVE-2021-25481 [MEDIUM] CWE-754 CVE-2021-25481: An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.

CVE-2021-25469 [MEDIUM] CWE-120 CVE-2021-25469: A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Rele A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.

CVE-2021-25491 [MEDIUM] CWE-476 CVE-2021-25491: A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-poin A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.

CVE-2021-25467 [MEDIUM] CWE-120 CVE-2021-25467: Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kern Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.

CVE-2021-25482 [MEDIUM] CWE-264 CVE-2021-25482: SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted appl SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.

CVE-2021-25477 [MEDIUM] CWE-415 CVE-2021-25477: An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows mod An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.

CVE-2021-25490 [MEDIUM] CWE-287 CVE-2021-25490: A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger I A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.

CVE-2021-25475 [MEDIUM] CWE-122 CVE-2021-25475: A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Relea A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

CVE-2021-25486 [LOW] CWE-200 CVE-2021-25486: Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.