CVE-2021-25481

Published: Oct 6, 2021Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.

Affected (4)

Products: Google: Android

Google

1 product

Android

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Android	Version 10.0
Google Android	Version 11.0
Google Android	Version 8.1
Google Android	Version 9.0

Running on/with	Platform Versions
Samsung Exynos	All versions

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (2)

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.