CVE-2021-25487

CVSS 7.3 HIGH | EPSS 0.6% | KEV | CWE-125

In short

A modem driver fails to check buffer boundaries, allowing someone to read memory beyond intended limits and potentially execute malicious code by manipulating function pointers.

Technical detail

The set_skb_priv() function lacks input validation on its buffer operations, resulting in a CWE-125 out-of-bounds read. This enables information disclosure and arbitrary code execution through dereference of an invalid function pointer. Exploitation requires interaction with the modem interface driver on builds prior to the SMR Oct-2021 Release 1 patches.

Summary generated and translated by AI from the official description.
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
