CVE-2021-25371

Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 26 March 2021

Modified: 30 October 2025
KEV Added: 29 June 2023
Patch
CVSS Score v3.1: 6.1 (CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0162 (82.2th percentile)
Risk Priority: 33 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-25371 is a medium-severity Hidden Functionality (CWE-912) vulnerability in Samsung Android. Its CVSS base score is 6.1 (Medium).

Operationally, it ranks in the top 17.8% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

The vulnerability is in the DSP driver on affected Samsung devices prior to the SMR Mar-2021 Release 1 update. It permits an attacker to load arbitrary ELF libraries inside the DSP and is tracked under CWE-912. Its CVSS 3.1 score of 6.1 reflects a physical attack vector, high attack complexity, and high privileges required for exploitation.

An attacker with physical access and the necessary privileges can load malicious ELF libraries into the DSP, resulting in high impact to confidentiality, integrity, and availability on the device. The attack vector requires direct physical interaction and does not involve user interaction or network adjacency.

Samsung security bulletins direct users to apply the March 2021 maintenance release that resolves the issue in the DSP driver. The vulnerability is also listed in the CISA Known Exploited Vulnerabilities catalog, confirming observed real-world exploitation activity.

Vulnerability details

A vulnerability in the DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside the DSP.

CWE(s): CWE-912 (Hidden Functionality)
KEV Date Added: 29 June 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: samsung
Product: android
Versions: 10.0, 11.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces access control policy on the DSP driver so that only authorized code paths may load ELF libraries, directly blocking the unauthorized load primitive.

prevent

Limits privileges granted to processes interacting with the DSP driver, removing the excessive rights needed to load arbitrary ELF libraries.

prevent · detect

Requires cryptographic or integrity verification of code loaded into the DSP, detecting or blocking the malicious ELF before execution.
