← back
CVE-2021-25371

CVE-2021-25371

CVSS 6.1 MEDIUMEPSS 0.8%● KEVCWE-912
In short

A flaw in the DSP driver lets attackers load unauthorized ELF libraries into the Digital Signal Processor, potentially allowing them to execute malicious code in a privileged environment.

Technical detail

The DSP driver prior to SMR Mar-2021 Release 1 lacks proper validation of ELF library sources, enabling an attacker to inject arbitrary libraries with elevated privileges. This requires local access but can lead to code execution within the DSP context, bypassing normal security boundaries.

Summary generated and translated by AI from the official description.
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
Samsung Mobile · Samsung Mobile Devices

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.comhttps://security.samsungmobile.com/securityUpdate.smsbhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25371