CVE-2021-25372 vulnerability in Samsung Products
Published on March 26, 2021
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
Known Exploited Vulnerability
This Samsung Mobile Devices Improper Boundary Check Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access.
The following remediation steps are recommended / required by July 20, 2023: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Vulnerability Analysis
CVE-2021-25372 is exploitable with physical access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Check or Handling of Exceptional Conditions
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.
Products Associated with CVE-2021-25372
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-25372 are published in these products:
Affected Versions
Samsung Mobile Devices:- Version Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830 and below SMR Mar-2021 Release 1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.