Published on March 26, 2021

An improper boundary check in the DSP driver prior to SMR Mar-2021 Release 1 allows out-of-bounds memory access.


Known Exploited Vulnerability

This Samsung Mobile Devices Improper Boundary Check Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices contain an improper boundary check vulnerability within the DSP driver that allows for out-of-bounds memory access.

The following remediation steps are recommended / required by July 20, 2023: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Vulnerability Analysis

CVE-2021-25372 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 0.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2021-25372 has been classified as a Memory Corruption vulnerability or weakness.

Products Associated with CVE-2021-25372


What versions are vulnerable to CVE-2021-25372?

Each of the following must match for the vulnerability to exist.