CVE-2021-25371 vulnerability in Samsung Products
Published on March 26, 2021
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
Known Exploited Vulnerability
This Samsung Mobile Devices Unspecified Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP.
The following remediation steps are recommended / required by July 20, 2023: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Vulnerability Analysis
CVE-2021-25371 can be exploited with physical access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Hidden Functionality
The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators. Hidden functionality can take many forms, such as intentionally malicious code, "Easter Eggs" that contain extraneous functionality such as games, developer-friendly shortcuts that reduce maintenance or support costs such as hard-coded accounts, etc. From a security perspective, even when the functionality is not intentionally malicious or damaging, it can increase the software's attack surface and expose additional weaknesses beyond what is already exposed by the intended functionality. Even if it is not easily accessible, the hidden functionality could be useful for attacks that modify the control flow of the application.
Products Associated with CVE-2021-25371
stack.watch emails you whenever new vulnerabilities are published in Samsung Android or Samsung Mobile Devices. Just hit a watch button to start following.
Affected Versions
Samsung Mobile Devices:- Version Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830 and below SMR Mar-2021 Release 1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.