HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2021-25487

CVSS 7.3v3.1pub. 2021-10-06upd. 2025-10-30

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
  • Samsung Android

    OS
    Samsung
    10.011.08.19.0

CISA KEV — detailsi

Vendori
Samsung
Producti
Mobile Devices
Added to KEVi
June 29, 2023
Remediation deadline (US Federal)i
July 20, 2023(overdue)
Required action (CISA)i

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

CISA descriptioni

Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 20 lipca 2023
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-21456CRITICAL9.0ten sam produkt

Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to acces...

CVE-2025-21042HIGH8.8⚠ KEVten sam produkt

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execu...

CVE-2025-21043HIGH8.8⚠ KEVten sam produkt

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execu...

CVE-2026-20990HIGH8.4ten sam produkt

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows loca...

CVE-2026-20979HIGH8.4ten sam produkt

Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arb...