Multiple vulnerabilities in Samsung Mobile Firmware



Updated: 2023-06-29

Risk: High

Patch available: YES

Number of vulnerabilities: 22

CVE-ID: CVE-2021-25337, CVE-2021-0398, CVE-2017-14491, CVE-2021-0393, CVE-2021-0396, CVE-2021-0390, CVE-2021-0392, CVE-2021-0394, CVE-2021-25335, CVE-2021-25336, CVE-2021-0395, CVE-2021-25339, CVE-2021-25338, CVE-2021-25344, CVE-2021-25345, CVE-2021-25369, CVE-2021-25370, CVE-2021-25371, CVE-2021-25372, CVE-2021-0391, CVE-2021-0397, CVE-2017-18509

CWE-ID: CWE-264, CWE-122, CWE-20, CWE-200, CWE-284, CWE-119, CWE-416, CWE-254, CWE-787

Exploitation vector: Network

Public exploit:
Vulnerability #1 is being exploited in the wild.
Public exploit code for vulnerability #3 is available.
Vulnerability #16 is being exploited in the wild.
Vulnerability #17 is being exploited in the wild.
Vulnerability #18 is being exploited in the wild.
Vulnerability #19 is being exploited in the wild.

Vulnerable software: Samsung Mobile Firmware (Mobile applications / Mobile firmware & hardware)

Vendor Samsung

Security Bulletin

This security bulletin contains information about 22 vulnerabilities.

Updated: 10.11.2022

Added previously unknown information about 3 zero-day vulnerabilities exploited in targeted attacks prior to patch release.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU69225

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-25337

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access control in clipboard service. A local application can use the clipboard service to read and write arbitrary files on the device.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51020

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0398

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the Android framework due to improperly imposed security restrictions. A local application with privileged access can gain access to sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Heap-based buffer overflow

EUVDB-ID: #VU8660

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-14491

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the dnsmasq.c file when processing DNS replies. A remote unauthenticated attacker can send specially crafted DNS packets to the affected service, trigger a 2-byte heap-based buffer overflow and crash the service or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Input validation error

EUVDB-ID: #VU51022

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0393

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the system component in Google Android. A remote attacker can execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU51023

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0396

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the system component in Google Android. A remote attacker can execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51024

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0390

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the system component in Google Android due to improperly imposed security restrictions. A local application can execute arbitrary code on the system within the context of a privileged process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51025

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0392

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the system component in Google Android due to improperly imposed security restrictions. A local application can execute arbitrary code on the system within the context of a privileged process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU51026

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0394

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified error in the system component in Google Android. A local application can gain access to sensitive data on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU69224

Risk: Low

CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25335

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to an improper lockscreen status check in the cocktailbar service. An attacker with physical access to the device can see hidden notification contents over the lockscreen under specific conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper access control

EUVDB-ID: #VU69226

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25336

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the NotificationManagerService. A local application can bypass the implemented security restrictions and gain access to notifications.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51018

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0395

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the Android runtime due to improperly imposed security restrictions. A local application can execute arbitrary code on the system within the context of a privileged process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU69227

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25339

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error in HArx. A local application can trigger memory corruption via a specially crafted HArx HVC call and execute arbitrary code with kernel privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU69228

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25338

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper memory access control in RKP. A local application can write to part of the RKP EL2 memory region using a compromised kernel.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU69229

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25344

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to a missing permission check in the knox_custom service. A local application can obtain the device's serial number without permission.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU69230

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-25345

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a graphic format mismatch while converting video formats in hwcomposer. A remote attacker can trick the victim into opening a specially crafted file and cause a kernel panic.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper access control

EUVDB-ID: #VU69231

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-25369

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper access restrictions to the sec_log file. A local application can read the log file and obtain sensitive system information.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

17) Use-after-free

EUVDB-ID: #VU69232

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-25370

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the dpu driver. A local application can trigger a use-after-free error and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

18) Security features bypass

EUVDB-ID: #VU69233

Risk: Low

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-25371

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists because arbitrary ELF libraries can be loaded inside the DSP driver. A local application installed on the device can load malicious code inside the DSP driver to hide its presence.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

19) Out-of-bounds write

EUVDB-ID: #VU69234

Risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-25372

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the DSP driver. A local application can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

20) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU51019

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0391

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists within the Android framework due to improperly imposed security restrictions. A local application with privileged access can gain access to sensitive data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU51021

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-0397

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input within the system component in Google Android. A remote attacker can execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU30823

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18509

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Samsung Mobile Firmware: before SMR-MAR-2021

CPE2.3 External links

http://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.