Refine your search
45 vulnerabilities found for android by samsung
CVE-2025-21075 (GCVE-0-2025-21075)
Vulnerability from nvd
Published
2025-11-05 05:40
Modified
2025-11-07 14:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:14:24.798143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T14:26:20.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:55.557Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21075",
"datePublished": "2025-11-05T05:40:55.557Z",
"dateReserved": "2024-11-06T02:30:14.896Z",
"dateUpdated": "2025-11-07T14:26:20.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21074 (GCVE-0-2025-21074)
Vulnerability from nvd
Published
2025-11-05 05:40
Modified
2025-11-05 05:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:54.365Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21074",
"datePublished": "2025-11-05T05:40:54.365Z",
"dateReserved": "2024-11-06T02:30:14.895Z",
"dateUpdated": "2025-11-05T05:40:54.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21073 (GCVE-0-2025-21073)
Vulnerability from nvd
Published
2025-11-05 05:40
Modified
2025-11-05 05:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1188: Initialization of a Resource with an Insecure Default",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:53.213Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21073",
"datePublished": "2025-11-05T05:40:53.213Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-11-05T05:40:53.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21071 (GCVE-0-2025-21071)
Vulnerability from nvd
Published
2025-11-05 05:40
Modified
2025-11-06 04:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T04:55:33.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:51.956Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21071",
"datePublished": "2025-11-05T05:40:51.956Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-11-06T04:55:33.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21055 (GCVE-0-2025-21055)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-22 20:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T17:42:55.260485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T20:37:34.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:14.330Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21055",
"datePublished": "2025-10-10T06:33:14.330Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-22T20:37:34.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21054 (GCVE-0-2025-21054)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 17:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21054",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T17:54:09.062986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T17:55:02.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:13.296Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21054",
"datePublished": "2025-10-10T06:33:13.296Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-10T17:55:02.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21053 (GCVE-0-2025-21053)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 17:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T17:55:20.230258Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T17:57:24.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:12.274Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21053",
"datePublished": "2025-10-10T06:33:12.274Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-10T17:57:24.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21052 (GCVE-0-2025-21052)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 17:59
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21052",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T17:59:25.420178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T17:59:38.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:11.226Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21052",
"datePublished": "2025-10-10T06:33:11.226Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-10T17:59:38.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21051 (GCVE-0-2025-21051)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 14:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21051",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T14:20:25.710255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T14:20:32.404Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:10.202Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21051",
"datePublished": "2025-10-10T06:33:10.202Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-10T14:20:32.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21050 (GCVE-0-2025-21050)
Vulnerability from nvd
Published
2025-10-10 06:41
Modified
2025-10-10 10:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T10:18:02.808835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T10:18:10.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-20: Improper Input Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:41:32.823Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21050",
"datePublished": "2025-10-10T06:41:32.823Z",
"dateReserved": "2024-11-06T02:30:14.890Z",
"dateUpdated": "2025-10-10T10:18:10.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21049 (GCVE-0-2025-21049)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 14:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T14:20:49.510422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T14:20:56.273Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284: Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:08.228Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21049",
"datePublished": "2025-10-10T06:33:08.228Z",
"dateReserved": "2024-11-06T02:30:14.890Z",
"dateUpdated": "2025-10-10T14:20:56.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21048 (GCVE-0-2025-21048)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-11 03:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-11T03:55:11.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-23 Relative Path Traversal",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:07.200Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21048",
"datePublished": "2025-10-10T06:33:07.200Z",
"dateReserved": "2024-11-06T02:30:14.890Z",
"dateUpdated": "2025-10-11T03:55:11.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21047 (GCVE-0-2025-21047)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 19:09
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T19:08:50.954444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T19:09:00.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284: Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:06.182Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21047",
"datePublished": "2025-10-10T06:33:06.182Z",
"dateReserved": "2024-11-06T02:30:14.889Z",
"dateUpdated": "2025-10-10T19:09:00.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21046 (GCVE-0-2025-21046)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-10 19:08
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access to recent app list.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T19:08:24.483200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T19:08:35.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access to recent app list."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:05.049Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21046",
"datePublished": "2025-10-10T06:33:05.049Z",
"dateReserved": "2024-11-06T02:30:14.889Z",
"dateUpdated": "2025-10-10T19:08:35.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21044 (GCVE-0-2025-21044)
Vulnerability from nvd
Published
2025-10-10 06:33
Modified
2025-10-18 03:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T03:55:46.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:02.865Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21044",
"datePublished": "2025-10-10T06:33:02.865Z",
"dateReserved": "2024-11-06T02:30:14.889Z",
"dateUpdated": "2025-10-18T03:55:46.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21043 (GCVE-0-2025-21043)
Vulnerability from nvd
Published
2025-09-12 07:21
Modified
2025-10-21 22:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21043",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T03:55:43.979759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-02",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21043"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:18.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21043"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-02T00:00:00+00:00",
"value": "CVE-2025-21043 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Sep-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T07:21:51.025Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21043",
"datePublished": "2025-09-12T07:21:51.025Z",
"dateReserved": "2024-11-06T02:30:14.888Z",
"dateUpdated": "2025-10-21T22:45:18.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21042 (GCVE-0-2025-21042)
Vulnerability from nvd
Published
2025-09-12 07:21
Modified
2025-11-11 04:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21042",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-11-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21042"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T04:55:32.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21042"
},
{
"url": "https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-10T00:00:00+00:00",
"value": "CVE-2025-21042 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Apr-2025 Release in Android 13, 14, 15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T07:21:49.997Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21042",
"datePublished": "2025-09-12T07:21:49.997Z",
"dateReserved": "2024-11-06T02:30:14.888Z",
"dateUpdated": "2025-11-11T04:55:32.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-21492 (GCVE-0-2023-21492)
Vulnerability from nvd
Published
2023-05-04 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Version: Selected Android 11, 12, 13 devices < SMR May-2023 Release 1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21492",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:24:29.812916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-05-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21492"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:48.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21492"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-19T00:00:00+00:00",
"value": "CVE-2023-21492 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR May-2023 Release 1",
"status": "affected",
"version": "Selected Android 11, 12, 13 devices",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21492",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:48.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25489 (GCVE-0-2021-25489)
Vulnerability from nvd
Published
2021-10-06 17:10
Modified
2025-10-21 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Version: O(8.1), P(9.0), Q(10.0), R(11.0) < SMR Oct-2021 Release 1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25489",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T21:22:54.293462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25489"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:30.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25489"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00+00:00",
"value": "CVE-2021-25489 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR Oct-2021 Release 1",
"status": "affected",
"version": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T17:10:39.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25489",
"datePublished": "2021-10-06T17:10:39.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:30.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25487 (GCVE-0-2021-25487)
Vulnerability from nvd
Published
2021-10-06 17:10
Modified
2025-10-21 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Version: O(8.1), P(9.0), Q(10.0), R(11.0) < SMR Oct-2021 Release 1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25487",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T21:23:33.780364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25487"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:30.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25487"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00+00:00",
"value": "CVE-2021-25487 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR Oct-2021 Release 1",
"status": "affected",
"version": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T17:10:26.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25487",
"datePublished": "2021-10-06T17:10:26.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:30.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21075 (GCVE-0-2025-21075)
Vulnerability from cvelistv5
Published
2025-11-05 05:40
Modified
2025-11-07 14:26
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T14:14:24.798143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-07T14:26:20.469Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:55.557Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21075",
"datePublished": "2025-11-05T05:40:55.557Z",
"dateReserved": "2024-11-06T02:30:14.896Z",
"dateUpdated": "2025-11-07T14:26:20.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21074 (GCVE-0-2025-21074)
Vulnerability from cvelistv5
Published
2025-11-05 05:40
Modified
2025-11-05 05:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:54.365Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21074",
"datePublished": "2025-11-05T05:40:54.365Z",
"dateReserved": "2024-11-06T02:30:14.895Z",
"dateUpdated": "2025-11-05T05:40:54.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21073 (GCVE-0-2025-21073)
Vulnerability from cvelistv5
Published
2025-11-05 05:40
Modified
2025-11-05 05:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1188: Initialization of a Resource with an Insecure Default",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:53.213Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21073",
"datePublished": "2025-11-05T05:40:53.213Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-11-05T05:40:53.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21071 (GCVE-0-2025-21071)
Vulnerability from cvelistv5
Published
2025-11-05 05:40
Modified
2025-11-06 04:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T04:55:33.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Nov-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-05T05:40:51.956Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21071",
"datePublished": "2025-11-05T05:40:51.956Z",
"dateReserved": "2024-11-06T02:30:14.894Z",
"dateUpdated": "2025-11-06T04:55:33.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21055 (GCVE-0-2025-21055)
Vulnerability from cvelistv5
Published
2025-10-10 06:33
Modified
2025-10-22 20:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21055",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T17:42:55.260485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T20:37:34.038Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125: Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:14.330Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21055",
"datePublished": "2025-10-10T06:33:14.330Z",
"dateReserved": "2024-11-06T02:30:14.891Z",
"dateUpdated": "2025-10-22T20:37:34.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21044 (GCVE-0-2025-21044)
Vulnerability from cvelistv5
Published
2025-10-10 06:33
Modified
2025-10-18 03:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-18T03:55:46.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Oct-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T06:33:02.865Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21044",
"datePublished": "2025-10-10T06:33:02.865Z",
"dateReserved": "2024-11-06T02:30:14.889Z",
"dateUpdated": "2025-10-18T03:55:46.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21043 (GCVE-0-2025-21043)
Vulnerability from cvelistv5
Published
2025-09-12 07:21
Modified
2025-10-21 22:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21043",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-02T03:55:43.979759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-02",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21043"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:18.366Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21043"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-02T00:00:00+00:00",
"value": "CVE-2025-21043 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Sep-2025 Release in Android 13, 14, 15, 16"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787: Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T07:21:51.025Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=09"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21043",
"datePublished": "2025-09-12T07:21:51.025Z",
"dateReserved": "2024-11-06T02:30:14.888Z",
"dateUpdated": "2025-10-21T22:45:18.366Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21042 (GCVE-0-2025-21042)
Vulnerability from cvelistv5
Published
2025-09-12 07:21
Modified
2025-11-11 04:55
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21042",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-11-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21042"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T04:55:32.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21042"
},
{
"url": "https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-10T00:00:00+00:00",
"value": "CVE-2025-21042 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Apr-2025 Release in Android 13, 14, 15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T07:21:49.997Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2025\u0026month=04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-21042",
"datePublished": "2025-09-12T07:21:49.997Z",
"dateReserved": "2024-11-06T02:30:14.888Z",
"dateUpdated": "2025-11-11T04:55:32.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-21492 (GCVE-0-2023-21492)
Vulnerability from cvelistv5
Published
2023-05-04 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Version: Selected Android 11, 12, 13 devices < SMR May-2023 Release 1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21492",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T16:24:29.812916Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-05-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21492"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:48.107Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21492"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-19T00:00:00+00:00",
"value": "CVE-2023-21492 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR May-2023 Release 1",
"status": "affected",
"version": "Selected Android 11, 12, 13 devices",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=05"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21492",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2022-11-14T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:48.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25489 (GCVE-0-2021-25489)
Vulnerability from cvelistv5
Published
2021-10-06 17:10
Modified
2025-10-21 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Version: O(8.1), P(9.0), Q(10.0), R(11.0) < SMR Oct-2021 Release 1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25489",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T21:22:54.293462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-06-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25489"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:30.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25489"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-06-29T00:00:00+00:00",
"value": "CVE-2021-25489 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "SMR Oct-2021 Release 1",
"status": "affected",
"version": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-06T17:10:39.000Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2021-25489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
"version_value": "SMR Oct-2021 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10",
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2021-25489",
"datePublished": "2021-10-06T17:10:39.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:30.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}