CVE-2021-25371
Published: 26 March 2021
Summary
CVE-2021-25371 is a medium-severity Hidden Functionality (CWE-912) vulnerability in Samsung Android. Its CVSS base score is 6.1 (Medium).
Operationally, it ranks in the top 17.8% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
The vulnerability is present in the DSP driver on affected Samsung devices prior to the SMR Mar-2021 Release 1 update. It permits an attacker to load arbitrary ELF libraries inside the DSP. The issue is tracked under CWE-912 and carries a CVSS 3.1 score of 6.1, reflecting a physical attack vector, high attack complexity, and high privileges required for exploitation.
An attacker with physical access and the necessary privileges can load malicious ELF libraries into the DSP, resulting in high impact to confidentiality, integrity, and availability on the device. The attack vector requires direct physical interaction and does not involve user interaction or network adjacency.
Samsung security bulletins direct users to apply the March 2021 maintenance release that resolves the issue in the DSP driver. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities catalog, confirming observed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-12267
Vulnerability details
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside DSP.
- CWE(s): CWE-912
- KEV Date Added: 29 June 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Enforces access control policy on the DSP driver so that only authorized code paths may load ELF libraries, directly blocking the unauthorized load primitive.
Limits privileges granted to processes interacting with the DSP driver, removing the excessive rights needed to load arbitrary ELF libraries.
Requires cryptographic or integrity verification of code loaded into the DSP, detecting or blocking the malicious ELF before execution.