CVE-2021-25487

Summary

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileSamsung Mobile DevicesO(8.1), P(9.0), Q(10.0), R(11.0) < SMR Oct-2021 Release 1affected

Weaknesses

  • CWE-125: CWE-125: Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References