Samsung Mobile Devices Out-of-Bounds Read Vulnerability
Samsung — Mobile Devices
- Added to KEV catalog
- 29 June 2023
- Federal remediation due date
- 20 July 2023
- Weakness classification (CWE)
- CWE-125
CISA Description
Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.
Required action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
Notes
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10; https://nvd.nist.gov/vuln/detail/CVE-2021-25487
More Samsung Vulnerabilities
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung Mobile Devices Use-After-Free Vulnerability
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services