Cyber Resilience

CVE-2021-25394

Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 11 June 2021

Modified: 30 October 2025
KEV Added: 29 June 2023
Patch
CVSS Score v3.1: 6.4 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (63.1th percentile)
Risk Priority: 33 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-25394 is a medium-severity Use After Free (CWE-416) vulnerability in Samsung Android. Its CVSS base score is 6.4 (Medium).

Operationally, it ranks in the top 36.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2021-25394 is a use-after-free vulnerability (CWE-416) resulting from a race condition (CWE-362) in the MFC charger driver on Samsung mobile devices. It affects builds prior to the SMR MAY-2021 Release 1 security maintenance update and carries a CVSS 3.1 score of 6.4, reflecting local access, high attack complexity, and high privileges required.

An attacker who has already obtained radio-level privileges on the device can exploit the flaw to perform an arbitrary kernel write. Successful exploitation grants the ability to corrupt memory and potentially escalate privileges or achieve further code execution within the kernel context.

Samsung's May 2021 security bulletin addresses the issue by shipping the corrected MFC charger driver in SMR MAY-2021 Release 1 and subsequent monthly updates. The vulnerability is also catalogued by CISA as actively exploited in the wild, indicating that in-the-field attacks have been observed.

Vulnerability details

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.

CWE(s)
KEV Date Added: 29 June 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

samsung android (versions 10.0, 11.0, 8.1, 9.0)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires timely application of the SMR MAY-2021 patch that eliminates the race condition and use-after-free in the MFC charger driver.

Prevent: Enforces least privilege so that compromise of radio-level rights does not automatically grant the kernel write capability described in the CVE.

Prevent: Process isolation limits the blast radius of a use-after-free in a kernel driver, preventing arbitrary memory corruption from escaping the compromised radio context.
