CVE-2021-25489
LOW
KEV
Modem Interface Driver <SMR Oct-2021 Release 1 - Buffer Overflow
Title source: llm
Exploitation Summary
CVE-2021-25489 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 29, 2023.
Description
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25489
Scores
CVSS v3
3.3
EPSS
0.0035
EPSS Percentile
57.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2023-06-29
VulnCheck KEV
2021-07-16
InTheWild.io
2021-07-16
ENISA EUVD
EUVD-2021-12385
CWE
CWE-134
CWE-20
Status
published
Products (4)
samsung/android
8.1
samsung/android
9.0 smr-apr-2021-r1 (9 CPE variants)
samsung/android
10.0 smr-apr-2021-r1 (9 CPE variants)
samsung/android
11.0 smr-apr-2021-r1 (9 CPE variants)
Published
Oct 06, 2021
KEV Added
Jun 29, 2023
Tracked Since
Feb 18, 2026