CVE-2021-25370

MEDIUM KEV

dpu driver <SMR Mar-2021 Release 1 - Memory Corruption

Title source: llm

Exploitation Summary

CVE-2021-25370 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 8, 2022.

Description

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://security.samsungmobile.com/securityUpdate.smsb

Vendor Advisory x_refsource_misc

https://security.samsungmobile.com

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25370

Scores

CVSS v3 6.1

EPSS 0.0049

EPSS Percentile 66.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-11-08

VulnCheck KEV 2020-12-10

InTheWild.io 2020-12-10

ENISA EUVD EUVD-2021-12266

CWE

CWE-703 CWE-416

Status published

Products (5)

samsung/android 8.0

samsung/android 8.1

samsung/android 9.0 smr-apr-2019-r1 (29 CPE variants)

samsung/android 10.0 smr-apr-2020-r1 (16 CPE variants)

samsung/android 11.0 smr-dec-2020-r1 (3 CPE variants)

Published Mar 26, 2021

KEV Added Nov 08, 2022

Tracked Since Feb 18, 2026