CISA KEV 정보
| 취약점명 | Samsung Mobile Devices Memory Corruption Vulnerability |
|---|---|
| 설명 | Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-416 |
| 등록일 (KEV) | 2022-11-08 |
| 조치 기한 | 2022-11-29 |
| 추가 참고 | https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25370 |
NVD 상세 정보
CVSS v3.1: 6.1 MEDIUM
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C설명: An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
CWE: CWE-416 | CWE-703
참조
- https://security.samsungmobile.com [Vendor Advisory]
- https://security.samsungmobile.com/securityUpdate.smsb [Vendor Advisory]
- https://security.samsungmobile.com [Vendor Advisory]
- https://security.samsungmobile.com/securityUpdate.smsb [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25370 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.