COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-25487

CVE-2021-25487

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2023-06-29
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-25487
⚡ RCE ⌖ exploited in the wild shame 65/100 rceexploited-in-wild

Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.

Players implicated

Samsung · vendorMobile Devices · product

Description

Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.