CVE-2021-25369 in Google and Samsung Products
Published on March 26, 2021

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This Samsung Mobile Devices Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.

The following remediation steps are recommended / required by November 29, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2021-25369 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Products Associated with CVE-2021-25369

You can be notified by stack.watch whenever vulnerabilities like CVE-2021-25369 are published in these products:

Google Android

Samsung Android

What versions are vulnerable to CVE-2021-25369?

Samsung Android Version 10.0 smr-aug-2020-r1
Samsung Android Version 10.0 smr-dec-2019-r1
Samsung Android Version 10.0 smr-dec-2020-r1
Samsung Android Version 10.0 smr-feb-2020-r1
Samsung Android Version 10.0 smr-feb-2021-r1
Samsung Android Version 10.0 smr-jan-2020-r1
Samsung Android Version 8.1 -
Samsung Android Version 9.0 smr-feb-2021-r1
Samsung Android Version 10.0 smr-apr-2020-r1
Samsung Android Version 10.0 smr-jan-2021-r1
Samsung Android Version 10.0 smr-jul-2020-r1
Samsung Android Version 10.0 smr-jun-2020-r1
Samsung Android Version 10.0 smr-mar-2020-r1
Samsung Android Version 10.0 smr-may-2020-r1
Samsung Android Version 10.0 smr-nov-2019-r1
Samsung Android Version 10.0 smr-nov-2020-r1
Samsung Android Version 10.0 smr-oct-2020-r1
Samsung Android Version 10.0 smr-sep-2020-r1
Samsung Android Version 8.0 -
Samsung Android Version 9.0 smr-apr-2019-r1
Samsung Android Version 9.0 smr-apr-2020-r1
Samsung Android Version 9.0 smr-aug-2019-r1
Samsung Android Version 9.0 smr-aug-2020-r1
Samsung Android Version 9.0 smr-dec-2018-r1
Samsung Android Version 9.0 smr-dec-2019-r1
Samsung Android Version 9.0 smr-dec-2020-r1
Samsung Android Version 9.0 smr-feb-2019-r1
Samsung Android Version 9.0 smr-feb-2020-r1
Samsung Android Version 9.0 smr-jan-2019-r1
Samsung Android Version 9.0 smr-jan-2020-r1
Samsung Android Version 9.0 smr-jan-2021-r1
Samsung Android Version 9.0 smr-jul-2019-r1
Samsung Android Version 9.0 smr-jul-2020-r1
Samsung Android Version 9.0 smr-jun-2019-r1
Samsung Android Version 9.0 smr-jun-2020-r1
Samsung Android Version 9.0 smr-mar-2019-r1
Samsung Android Version 9.0 smr-mar-2020-r1
Samsung Android Version 9.0 smr-may-2019-r1
Samsung Android Version 9.0 smr-may-2020-r1
Samsung Android Version 9.0 smr-nov-2018-r1
Samsung Android Version 9.0 smr-nov-2019-r1
Samsung Android Version 9.0 smr-nov-2020-r1
Samsung Android Version 9.0 smr-oct-2018-r1
Samsung Android Version 9.0 smr-oct-2019-r1
Samsung Android Version 9.0 smr-oct-2020-r1
Samsung Android Version 9.0 smr-sep-2019-r1
Samsung Android Version 9.0 smr-sep-2020-r1

CVE-2021-25369 in Google and Samsung ProductsPublished on March 26, 2021

Known Exploited Vulnerability

Vulnerability Analysis

Products Associated with CVE-2021-25369

What versions are vulnerable to CVE-2021-25369?

CVE-2021-25369 in Google and Samsung Products
Published on March 26, 2021