CVE-2021-25489
In short
A format string vulnerability in the modem interface driver allows an attacker with radio permission to crash the system kernel by sending specially crafted input that isn't properly validated.
Technical detail
The modem interface driver fails to validate user-supplied format strings before processing them, enabling a local attacker with radio privileges to trigger a format string attack that causes a kernel panic. Exploitation requires prior radio permission and malicious input to the driver interface.
Summary generated and translated by AI from the official description.
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected products
Samsung Mobile · Samsung Mobile Devices