CVE-2021-25489
06.10.2021, 18:15
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.Enginsight
| Vendor | Product | Version |
|---|---|---|
| samsung | android | 8.1 |
| samsung | android | 9.0:smr-apr-2021-r1 |
| samsung | android | 9.0:smr-aug-2021-r1 |
| samsung | android | 9.0:smr-feb-2021-r1 |
| samsung | android | 9.0:smr-jan-2021-r1 |
| samsung | android | 9.0:smr-jul-2021-r1 |
| samsung | android | 9.0:smr-jun-2021-r1 |
| samsung | android | 9.0:smr-mar-2021-r1 |
| samsung | android | 9.0:smr-may-2021-r1 |
| samsung | android | 9.0:smr-sep-2021-r1 |
| samsung | android | 10.0:smr-apr-2021-r1 |
| samsung | android | 10.0:smr-aug-2021-r1 |
| samsung | android | 10.0:smr-feb-2021-r1 |
| samsung | android | 10.0:smr-jan-2021-r1 |
| samsung | android | 10.0:smr-jul-2021-r1 |
| samsung | android | 10.0:smr-jun-2021-r1 |
| samsung | android | 10.0:smr-mar-2021-r1 |
| samsung | android | 10.0:smr-may-2021-r1 |
| samsung | android | 10.0:smr-sep-2021-r1 |
| samsung | android | 11.0:smr-apr-2021-r1 |
| samsung | android | 11.0:smr-aug-2021-r1 |
| samsung | android | 11.0:smr-feb-2021-r1 |
| samsung | android | 11.0:smr-jan-2021-r1 |
| samsung | android | 11.0:smr-jul-2021-r1 |
| samsung | android | 11.0:smr-jun-2021-r1 |
| samsung | android | 11.0:smr-mar-2021-r1 |
| samsung | android | 11.0:smr-may-2021-r1 |
| samsung | android | 11.0:smr-sep-2021-r1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-134 - Use of Externally-Controlled Format StringThe software uses a function that accepts a format string as an argument, but the format string originates from an external source.