CVE-2021-25372 - OpenCVE

An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Exynos 980 Exynos 9830 Exynos 2100
Google	Android

Configuration 1 [-]

AND

OR	cpe:2.3:o:google:android:10.0:::::::*
	cpe:2.3:o:google:android:11.0:::::::*

OR	cpe:2.3:h:samsung:exynos_2100:-:::::::*
	cpe:2.3:h:samsung:exynos_980:-:::::::*
	cpe:2.3:h:samsung:exynos_9830:-:::::::*

References

Link	Resource
https://security.samsungmobile.com	Vendor Advisory
https://security.samsungmobile.com/securityUpdate.smsb	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2021-03-26T18:25:04

Updated: 2021-03-26T18:25:04

Reserved: 2021-01-19T00:00:00

Link: CVE-2021-25372

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-26T19:15:12.303

Modified: 2021-04-01T19:06:34.300

Link: CVE-2021-25372

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [{"lessThan": "SMR Mar-2021 Release 1", "status": "affected", "version": "Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "CVE-703: Improper Check or Handling of Exceptional Conditions", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-26T18:25:04", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"tags": ["x_refsource_MISC"], "url": "https://security.samsungmobile.com"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2021-25372", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Samsung Mobile Devices", "version": {"version_data": [{"version_affected": "<", "version_name": "Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830", "version_value": "SMR Mar-2021 Release 1"}]}}]}, "vendor_name": "Samsung Mobile"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CVE-703: Improper Check or Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://security.samsungmobile.com/securityUpdate.smsb", "refsource": "CONFIRM", "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"name": "https://security.samsungmobile.com", "refsource": "MISC", "url": "https://security.samsungmobile.com"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2021-25372", "datePublished": "2021-03-26T18:25:04", "dateReserved": "2021-01-19T00:00:00", "dateUpdated": "2021-03-26T18:25:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"cisaActionDue": "2023-07-20", "cisaExploitAdd": "2023-06-29", "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable", "cisaVulnerabilityName": "Samsung Mobile Devices Improper Boundary Check Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:exynos_980:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D8701B6-6989-44D1-873A-A1823BFD7CCC", "vulnerable": false}, {"criteria": "cpe:2.3:h:samsung:exynos_9830:-:*:*:*:*:*:*:*", "matchCriteriaId": "CC599902-095F-411E-B112-1BA9A643C6C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access."}, {"lang": "es", "value": "Una comprobaci\u00f3n inapropiada de l\u00edmites en el controlador DSP versiones anteriores a SMR Mar-2021 Release 1, permite un acceso a la memoria fuera de l\u00edmites."}], "id": "CVE-2021-25372", "lastModified": "2021-04-01T19:06:34.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.2, "impactScore": 5.9, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2021-03-26T19:15:12.303", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com"}, {"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}