CVE-2021-25395 is a vulnerability in Google Android
Published on June 11, 2021
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
Known Exploited Vulnerability
This Samsung Mobile Devices Race Condition Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.
The following remediation steps are recommended / required by July 20, 2023: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Vulnerability Analysis
CVE-2021-25395 can be exploited with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 0.5 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Race Condition Vulnerability?
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CVE-2021-25395 has been classified to as a Race Condition vulnerability or weakness.
Products Associated with CVE-2021-25395
You can be notified by stack.watch whenever vulnerabilities like CVE-2021-25395 are published in these products:
What versions of Android are vulnerable to CVE-2021-25395?
- Google Android Version 8.1
- Google Android Version 9.0
- Google Android Version 10.0
- Google Android Version 11.0