CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 29, 2022

CVE-2021-25370

High

EPSS 0.2%CISA KEV

Samsung/Mobile Devices

Description

Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.

EPSS — Exploit Probability

0.2%

Higher than 46.7% of all CVEs

Required Action

https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25370

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 0.2%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Nov 8, 2022

Added to KEV

Nov 8, 2022

Remediation Due

Nov 29, 2022

Affected Product

Samsung

Mobile Devices

View all Samsung CVEs

External Links

NVD (NIST)CVE Details MITRE CVE