CVE-2021-25372

Published: Mar 26, 2021Modified: Jan 14, 2026CISA KEV

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.

Affected (4)

Products: Samsung: Android

1 product

Configuration A

4 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Samsung Android	Version 10.0 smr-feb-2021-r1
Samsung Android	Version 10.0 smr-jan-2021-r1
Samsung Android	Version 11.0 smr-feb-2021-r1
Samsung Android	Version 11.0 smr-jan-2021-r1

Running on/with	Platform Versions
Samsung Exynos 2100	All versions
Samsung Exynos 980	All versions
Samsung Exynos 9830	All versions

Related CWEs

Improper Check or Handling of Exceptional Conditions

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (5)

https://security.samsungmobile.com

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/securityUpdate.smsb

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://security.samsungmobile.com/securityUpdate.smsb

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25372

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.