CVE-2021-25395

CVSS 6.4 MEDIUM | EPSS 0.4% | KEV | CWE-362
Vexday Risk Score: 43 (Attention)
SSVC decision (CISA): Attend
PoC available → attend closely
CVSS 6.4 | EPSS 0.4% | KEV: yes | PoC | Nuclei | Metasploit | Patch
Lifecycle
11 Jun 2021: Published on NVD
29 Jun 2023: Active exploitation (CISA KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short

A timing flaw (race condition) in the MFC charger driver allows a local attacker who has already compromised a radio privilege to skip the signature check that normally verifies software authenticity. This could let someone install unauthorized code on the device.

Technical detail

A race condition in the MFC charger driver (prior to SMR MAY-2021 Release 1) permits bypass of signature verification when a radio privilege is compromised. The vulnerability exists in the driver's authentication mechanism during concurrent operations, enabling local attackers to deploy unsigned firmware or malicious code without proper validation.

Summary generated and translated by AI from the official description.
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
