CVE-2021-25370 — Samsung Mobile Devices Memory Corruption Vulnerability

2022-11-08 • CISA Known Exploited Vulnerability

[event] Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.

> AFFECTED SOFTWARE

Field	Value
Vendor	Samsung
Product	Mobile Devices
CWE	CWE-416
CVE ID	CVE-2021-25370
Date Added	2022-11-08
Due Date	2022-11-29
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-11-29

> REFERENCES

[1] https://security.samsungmobile.com/securityUpdate.smsb
[2] https://nvd.nist.gov/vuln/detail/CVE-2021-25370