CVE-2021-25394 is a vulnerability in Google Android
Published on June 11, 2021

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.


Known Exploited Vulnerability

This Samsung Mobile Devices Race Condition Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.

The following remediation steps are recommended / required by July 20, 2023: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Vulnerability Analysis

CVE-2021-25394 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a high level of attack complexity. It has an exploitability score of 0.5 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Race Condition Vulnerability?

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

CVE-2021-25394 has been classified as a Race Condition vulnerability or weakness.

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2021-25394 has been classified as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2021-25394


What versions of Android are vulnerable to CVE-2021-25394?