CVE-2021-25408

Published: Jun 11, 2021Modified: Jun 17, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.

Affected (3)

Products: Google: Android

1 product

Configuration A

3 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Google Android	Version 10.0
Google Android	Version 11.0
Google Android	Version 9.0

Running on/with	Platform Versions
Samsung Exynos 2100	All versions
Samsung Exynos 980	All versions
Samsung Exynos 9820	All versions
Samsung Exynos 9830	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.