KEVIntel
Back to KEVs
7.3
CVSS
High

CVE-2021-25487

PUBLISHED

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in...

Exploited in the wild Low complexity No user interaction
Vendor
Samsung Mobile
Product
Samsung Mobile Devices
Published
Oct 06, 2021
EPSS

Description

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

cisa

CVSS scores

CVSS v3.1 7.3 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Exploitation status

Exploited in the wild

Recorded 2023-06-29 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Jun 29, 2023

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel