Skip to main content
All vulnerabilities
CVE-2021-25487

Samsung Mobile Devices Out-of-Bounds Read Vulnerability

SamsungMobile Devices

Added to KEV catalog
29 June 2023
Federal remediation due date
20 July 2023
Weakness classification (CWE)
CWE-125

CISA Description

Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.

Required action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Notes

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10; https://nvd.nist.gov/vuln/detail/CVE-2021-25487

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services