PT-2021-16671 · Samsung · Exynos Cp Booting Driver

Published

2021-10-06

Updated

2021-10-13

CVE-2021-25481

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Exynos CP booting driver versions prior to SMR Oct-2021 Release 1

Description: The issue is related to improper error handling in the Exynos CP booting driver, which allows local attackers to bypass the Secure Memory Protector of Exynos CP Memory. This could potentially lead to unauthorized access to sensitive memory areas.

Recommendations: For versions prior to SMR Oct-2021 Release 1, update to SMR Oct-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Exynos CP booting driver to minimize the risk of exploitation.

Fix

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754

Related Identifiers

CVE-2021-25481

Affected Products

Exynos Cp Booting Driver

PT-2021-16671 · Samsung · Exynos Cp Booting Driver

CVE-2021-25481

Weakness Enumeration

Related Identifiers

Affected Products

References · 5