cnvd - cnvd-2025-02733

cnvd-2025-02733

Vulnerability from cnvd

Title: Samsung DSP驱动程序越界写入漏洞（CNVD-2025-02733）

Description:

Samsung DSP驱动程序是三星（Samsung）移动设备的一个数字信号处理驱动程序。

Samsung DSP驱动程序存在越界写入漏洞，该漏洞源于错误的边界检查，攻击者可利用该漏洞进行越界内存访问。

Severity: 高

Patch Name: Samsung DSP驱动程序越界写入漏洞（CNVD-2025-02733）的补丁

Patch Description:

Samsung DSP驱动程序是三星（Samsung）移动设备的一个数字信号处理驱动程序。

Samsung DSP驱动程序存在越界写入漏洞，该漏洞源于错误的边界检查，攻击者可利用该漏洞进行越界内存访问。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://security.samsungmobile.com/securityUpdate.smsb

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-25372

Impacted products

Name
['Samsung Samsung Mobile devices Q(10.0)(Exynos 980芯片组)', 'Samsung Samsung Mobile devices Q(10.0) (Exynos 9830芯片组)', 'Samsung Samsung Mobile devices Q(10.0) (Exynos 2100芯片组)', 'Samsung Samsung Mobile devices R(11.0) (Exynos 980芯片组)', 'Samsung Samsung Mobile devices R(11.0) (Exynos 9830芯片组)', 'Samsung Samsung Mobile devices R(11.0) (Exynos 2100芯片组)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-25372",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-25372"
    }
  },
  "description": "Samsung DSP\u9a71\u52a8\u7a0b\u5e8f\u662f\u4e09\u661f\uff08Samsung\uff09\u79fb\u52a8\u8bbe\u5907\u7684\u4e00\u4e2a\u6570\u5b57\u4fe1\u53f7\u5904\u7406\u9a71\u52a8\u7a0b\u5e8f\u3002\n\nSamsung DSP\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://security.samsungmobile.com/securityUpdate.smsb",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-02733",
  "openTime": "2025-02-12",
  "patchDescription": "Samsung DSP\u9a71\u52a8\u7a0b\u5e8f\u662f\u4e09\u661f\uff08Samsung\uff09\u79fb\u52a8\u8bbe\u5907\u7684\u4e00\u4e2a\u6570\u5b57\u4fe1\u53f7\u5904\u7406\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nSamsung DSP\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Samsung DSP\u9a71\u52a8\u7a0b\u5e8f\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2025-02733\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Samsung Samsung Mobile devices Q(10.0)(Exynos 980\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices Q(10.0) (Exynos 9830\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices Q(10.0) (Exynos 2100\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices R(11.0) (Exynos 980\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices R(11.0) (Exynos 9830\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices R(11.0) (Exynos 2100\u82af\u7247\u7ec4)"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-25372",
  "serverity": "\u9ad8",
  "submitTime": "2021-04-01",
  "title": "Samsung DSP\u9a71\u52a8\u7a0b\u5e8f\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2025-02733\uff09"
}

CVE-2021-25372 (GCVE-0-2021-25372)

Vulnerability from cvelistv5

Published

2021-03-26 18:25

Modified

2025-07-30 01:38

Severity ?

6.1 (Medium) - CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CVE-703: Improper Check or Handling of Exceptional Conditions

Summary

An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.

References

▼	URL	Tags
	https://security.samsungmobile.com/securityUpdate.smsb	x_refsource_CONFIRM
	https://security.samsungmobile.com	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Samsung Mobile	Samsung Mobile Devices	Version: Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830 < SMR Mar-2021 Release 1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-25372",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T21:24:54.412179Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-06-29",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25372"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:38:15.188Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2023-06-29T00:00:00+00:00",
            "value": "CVE-2021-25372 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "SMR Mar-2021 Release 1",
              "status": "affected",
              "version": "Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-26T18:25:04.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25372",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Mobile Devices",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830",
                            "version_value": "SMR Mar-2021 Release 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVE-703: Improper Check or Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb",
              "refsource": "CONFIRM",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb"
            },
            {
              "name": "https://security.samsungmobile.com",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25372",
    "datePublished": "2021-03-26T18:25:04.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:38:15.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted