Main Vulnerability Database Vulnerabilities #VU69224

Information disclosure in Samsung Mobile Firmware - CVE-2021-25335

Published: November 10, 2022

Vulnerability identifier: #VU69224

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-25335

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Samsung Mobile Firmware

Software vendor:
Samsung

Description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to improper lockscreen status check in cocktailbar service. An attacker with physical access to device can see hidden notification contents over the lockscreen in specific conditions.

Remediation

Install updates from vendor's website.

External links

https://security.samsungmobile.com/securityUpdate.smsb#SMR-MAR-2021

Information disclosure in Samsung Mobile Firmware - CVE-2021-25335

Description

Remediation

External links

Please verify you're human