Permissions, Privileges, and Access Controls in Samsung Mobile Firmware - CVE-2021-25337

 


Published: November 10, 2022


Vulnerability identifier: #VU69225
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2021-25337
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: Samsung Mobile Firmware
Software vendor: Samsung

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access control in the clipboard service. A local application can use the clipboard service to read and write arbitrary files on the device.

Note: the vulnerability is being actively exploited in the wild.


Remediation

Install updates from the vendor's website.

External links