← back
CVE-2021-25370

CVE-2021-25370

CVSS 6.1 MEDIUMEPSS 0.9%● KEVCWE-703
In short

The dpu driver incorrectly manages file descriptors, causing memory corruption that can crash the kernel. This affects systems using the driver before the March 2021 patch.

Technical detail

An improper handling of file descriptors in the dpu driver allows memory corruption through CWE-703 (improper check or handling of exceptional conditions). Exploitation requires local access to interact with the driver; successful exploitation leads to kernel panic and denial of service.

Summary generated and translated by AI from the official description.
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Samsung Mobile · Samsung Mobile Devices

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.comhttps://security.samsungmobile.com/securityUpdate.smsbhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25370