CVE-2021-25476

CVSS 4.1 MEDIUMEPSS 0.1%CWE-1295

In short

A flaw in Widevine's trusted application logging allows attackers to determine the memory layout of the TEE (Trusted Execution Environment), bypassing ASLR protection. This makes it easier to exploit other vulnerabilities within the secure processor.

Technical detail

Information disclosure vulnerability in Widevine TA log enables ASLR bypass within the TEE through memory layout information leakage. Attack vector requires local access to TEE logs; impact allows attackers to predict memory addresses for subsequent code execution attacks against the trusted application.

Summary generated and translated by AI from the official description.

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

Samsung Mobile · Samsung Mobile Devices

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10