CVE-2021-25370

MEDIUM KEV

dpu driver <SMR Mar-2021 Release 1 - Memory Corruption

Title source: llm

Description

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

References (3)

[Vendor Advisory] https://security.samsungmobile.com

[Vendor Advisory] https://security.samsungmobile.com/securityUpdate.smsb

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25370

Scores

CVSS v3 6.1

EPSS 0.0049

EPSS Percentile 65.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-11-08

VulnCheck KEV 2020-12-10

InTheWild.io 2020-12-10

ENISA EUVD EUVD-2021-12266

CWE

CWE-703 CWE-416

Status published

Products (5)

samsung/android 8.0

samsung/android 8.1

samsung/android 9.0 smr-apr-2019-r1 (29 CPE variants)

samsung/android 10.0 smr-apr-2020-r1 (16 CPE variants)

samsung/android 11.0 smr-dec-2020-r1 (3 CPE variants)

Published Mar 26, 2021

KEV Added Nov 08, 2022

Tracked Since Feb 18, 2026