CVE-2021-25370

Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 26 March 2021

Modified: 14 January 2026
KEV Added: 08 November 2022
CVSS Score v3.1: 6.1 (CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0049 (66.0th percentile)
Risk Priority: 32 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-25370 is a medium-severity Use After Free (CWE-416) vulnerability in Samsung Android. Its CVSS base score is 6.1 (Medium).

Operationally, it ranks in the top 34.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2021-25370 stems from an incorrect implementation of file descriptor handling in the DPU driver, which produces memory corruption and a subsequent kernel panic. It affects Samsung devices running versions prior to the SMR Mar-2021 Release 1. The flaw is tracked under CWE-416 and CWE-703 and carries a CVSS 3.1 score of 6.1.

Exploitation requires physical access to a device, high attack complexity, and high privileges; successful attacks can produce high impacts on confidentiality, integrity, and availability, although the immediate technical outcome described is a kernel panic that crashes the system.

Samsung security bulletins for the March 2021 maintenance release contain the corresponding patches and device-specific remediation guidance. The CVE is also catalogued by CISA among known exploited vulnerabilities, confirming observed in-the-wild activity.

Vulnerability details

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

CWE(s)
KEV Date Added: 08 November 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

samsung android: 8.0, 8.1, 9.0, 10.0, 11.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires timely installation of the vendor patch that corrects the file-descriptor handling flaw in the DPU driver.

Prevent: Enforces memory-protection mechanisms that can block or contain the use-after-free / memory-corruption primitive described in the CVE.

Prevent: Process isolation limits the blast radius of a kernel-memory corruption bug originating in a device driver.
