← back
CVE-2021-25395

CVE-2021-25395

CVSS 6.4 MEDIUMEPSS 0.4%● KEVCWE-362
In short

A timing flaw in the MFC charger driver allows an attacker with radio access to skip security checks that normally verify software authenticity. This could let someone install unauthorized code on the device.

Technical detail

A race condition in the MFC charger driver (pre-May 2021 Release 1) permits bypass of signature verification when radio privileges are compromised. The vulnerability exists in the driver's authentication mechanism during concurrent operations, enabling local attackers to deploy unsigned firmware or malicious code without proper validation.

Summary generated and translated by AI from the official description.
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Samsung Mobile · Samsung Mobile Devices

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25395