← back
CVE-2021-25369

CVE-2021-25369

CVSS 6.2 MEDIUMEPSS 1.1%● KEVCWE-200
In short

A security flaw in the sec_log file allows regular users to access sensitive kernel information that should be protected. This can help attackers understand the system's internal workings and find other vulnerabilities.

Technical detail

An improper access control vulnerability in the sec_log file permits unauthorized userspace access to kernel information due to inadequate permission restrictions. The vulnerability exists in versions prior to SMR MAR-2021 Release 1 and can be exploited by local users without special privileges to read protected kernel data.

Summary generated and translated by AI from the official description.
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Samsung Mobile · Samsung Mobile Devices

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.comhttps://security.samsungmobile.com/securityUpdate.smsbhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25369