CVE-2021-25487

HIGH KEV

Modem Interface Driver <SMR Oct-2021 Release 1 - RCE

Title source: llm

Description

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

References (2)

Scores

CVSS v3 7.3
EPSS 0.0268
EPSS Percentile 85.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Details

CISA KEV 2023-06-29
VulnCheck KEV 2021-07-26
InTheWild.io 2021-07-26
ENISA EUVD EUVD-2021-12383
CWE
CWE-125
Status published
Products (4)
samsung/android 8.1
samsung/android 9.0 smr-apr-2021-r1 (9 CPE variants)
samsung/android 10.0 smr-apr-2021-r1 (9 CPE variants)
samsung/android 11.0 smr-apr-2021-r1 (9 CPE variants)
Published Oct 06, 2021
KEV Added Jun 29, 2023
Tracked Since Feb 18, 2026