ID

VAR-202110-0182


CVE

CVE-2021-25467


TITLE

Samsung Vision DSP Kernel Driver Privilege Escalation Vulnerability (CNVD-2025-02726)

Trust: 0.6

sources: CNVD: CNVD-2025-02726

DESCRIPTION

Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allow privilege escalation to Root by hijacking a loaded library. Samsung Vision DSP kernel driver is a driver used by Samsung mobile devices. The vulnerability is caused by the lack of correct boundary checking in the Vision DSP kernel driver. Attackers can exploit this vulnerability to escalate privileges by hijacking loaded libraries.

Trust: 1.53

sources: NVD: CVE-2021-25467 // CNVD: CNVD-2025-02726 // VULMON: CVE-2021-25467

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02726

AFFECTED PRODUCTS

vendor: google, model: android, scope: eq, version: 11.0

Trust: 1.0

vendor: samsung, model: mobile devices r, scope: eq, version: 980

Trust: 0.6

vendor: samsung, model: mobile devices r, scope: eq, version: 9830

Trust: 0.6

vendor: samsung, model: mobile devices r, scope: eq, version: 2100

Trust: 0.6

sources: CNVD: CNVD-2025-02726 // NVD: CVE-2021-25467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-25467
value: MEDIUM

Trust: 1.0

mobile.security@samsung.com: CVE-2021-25467
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2025-02726
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202110-321
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-25467
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-25467
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2025-02726
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-25467
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

mobile.security@samsung.com: CVE-2021-25467
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-02726 // VULMON: CVE-2021-25467 // CNNVD: CNNVD-202110-321 // NVD: CVE-2021-25467 // NVD: CVE-2021-25467

PROBLEMTYPE DATA

problemtype: CWE-120

Trust: 1.0

sources: NVD: CVE-2021-25467

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-321

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-321

PATCH

title: Patch for Samsung Vision DSP Kernel Driver Privilege Escalation Vulnerability (CNVD-2025-02726)
url: https://www.cnvd.org.cn/patchInfo/show/654776

Trust: 0.6

title: Samsung SMR Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165863

Trust: 0.6

sources: CNVD: CNVD-2025-02726 // CNNVD: CNNVD-202110-321

EXTERNAL IDS

db: NVD, id: CVE-2021-25467

Trust: 2.3

db: CNVD, id: CNVD-2025-02726

Trust: 0.6

db: CNNVD, id: CNNVD-202110-321

Trust: 0.6

db: VULMON, id: CVE-2021-25467

Trust: 0.1

sources: CNVD: CNVD-2025-02726 // VULMON: CVE-2021-25467 // CNNVD: CNNVD-202110-321 // NVD: CVE-2021-25467

REFERENCES

url: https://security.samsungmobile.com/securityupdate.smsb?year=2021&month=10

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-25467

Trust: 1.2

url: https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2025-02726 // VULMON: CVE-2021-25467 // CNNVD: CNNVD-202110-321 // NVD: CVE-2021-25467

SOURCES

db: CNVD, id: CNVD-2025-02726
db: VULMON, id: CVE-2021-25467
db: CNNVD, id: CNNVD-202110-321
db: NVD, id: CVE-2021-25467

LAST UPDATE DATE

2025-02-14T22:55:03.211000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-02726, date: 2025-02-12T00:00:00
db: VULMON, id: CVE-2021-25467, date: 2021-10-14T00:00:00
db: CNNVD, id: CNNVD-202110-321, date: 2021-10-19T00:00:00
db: NVD, id: CVE-2021-25467, date: 2021-10-14T19:27:47.587

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-02726, date: 2022-10-11T00:00:00
db: VULMON, id: CVE-2021-25467, date: 2021-10-06T00:00:00
db: CNNVD, id: CNNVD-202110-321, date: 2021-10-06T00:00:00
db: NVD, id: CVE-2021-25467, date: 2021-10-06T18:15:08.557