VIR Vulnerability Intelligence Relay

CVE-2021-25487

unknown KEV
Published 2023-06-29 · Modified 2023-06-29
CVSS v3
CVSS v2
VIR risk
1.5

Description

Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.

CISA KEV

Vendor
Samsung
Product
Mobile Devices
Due date
2023-07-20

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10; https://nvd.nist.gov/vuln/detail/CVE-2021-25487

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.