CVE-2021-25369 is a vulnerability in Google Android
Published on March 26, 2021
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
Known Exploited Vulnerability
This Samsung Mobile Devices Improper Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.
The following remediation steps are recommended / required by November 29, 2022: Apply updates per vendor instructions.
CVE-2021-25369 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Products Associated with CVE-2021-25369
You can be notified by stack.watch whenever vulnerabilities like CVE-2021-25369 are published in these products:
What versions of Android are vulnerable to CVE-2021-25369?
- Google Android Version 8.0
- Google Android Version 8.1
- Google Android Version 9.0
- Google Android Version 10.0