CVE-2021-25489
Published: 06 October 2021
Summary
CVE-2021-25489 is a low-severity Improper Input Validation (CWE-20) vulnerability in Samsung Android. Its CVSS base score is 3.3 (Low).
Operationally, it ranks in the top 42.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2021-25489 is a format string vulnerability resulting from missing input validation in the modem interface driver on affected Samsung devices. The flaw, present prior to the SMR Oct-2021 Release 1, is tracked under CWE-20 and CWE-134 and can be triggered when radio permissions have already been obtained, ultimately causing a kernel panic.
An attacker with local access and the ability to exercise radio permissions can supply malicious input to the driver, leading to denial of service through the resulting kernel panic. The CVSS 3.3 score reflects limited impact consisting solely of low availability loss with no confidentiality or integrity effects.
Samsung's October 2021 security bulletin addresses the issue via the SMR Oct-2021 Release 1 update. The vulnerability is also catalogued by CISA as one known to have been exploited in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-12385
Vulnerability details
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
- CWE(s): CWE-20, CWE-134
- KEV Date Added: 29 June 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of all input to the modem interface driver, eliminating the unsanitized format strings that trigger the kernel panic.
Mandates prompt application of the SMR Oct-2021 Release 1 patch that corrects the missing input validation in the driver.
Restricts which processes or apps may obtain radio permissions, reducing the attack surface that can reach the vulnerable modem interface.