cnvd - cnvd-2025-02733

CNVD-2025-02733

Vulnerability from cnvd - Published: 2025-02-12

Title

Samsung DSP驱动程序越界写入漏洞（CNVD-2025-02733）

Description

Samsung DSP驱动程序是三星（Samsung）移动设备的一个数字信号处理驱动程序。 Samsung DSP驱动程序存在越界写入漏洞，该漏洞源于错误的边界检查，攻击者可利用该漏洞进行越界内存访问。

Severity

高

Patch Name

Samsung DSP驱动程序越界写入漏洞（CNVD-2025-02733）的补丁

Patch Description

Samsung DSP驱动程序是三星（Samsung）移动设备的一个数字信号处理驱动程序。 Samsung DSP驱动程序存在越界写入漏洞，该漏洞源于错误的边界检查，攻击者可利用该漏洞进行越界内存访问。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://security.samsungmobile.com/securityUpdate.smsb

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-25372

Impacted products

Name
['Samsung Samsung Mobile devices Q(10.0)(Exynos 980芯片组)', 'Samsung Samsung Mobile devices Q(10.0) (Exynos 9830芯片组)', 'Samsung Samsung Mobile devices Q(10.0) (Exynos 2100芯片组)', 'Samsung Samsung Mobile devices R(11.0) (Exynos 980芯片组)', 'Samsung Samsung Mobile devices R(11.0) (Exynos 9830芯片组)', 'Samsung Samsung Mobile devices R(11.0) (Exynos 2100芯片组)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-25372",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-25372"
    }
  },
  "description": "Samsung DSP\u9a71\u52a8\u7a0b\u5e8f\u662f\u4e09\u661f\uff08Samsung\uff09\u79fb\u52a8\u8bbe\u5907\u7684\u4e00\u4e2a\u6570\u5b57\u4fe1\u53f7\u5904\u7406\u9a71\u52a8\u7a0b\u5e8f\u3002\n\nSamsung DSP\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://security.samsungmobile.com/securityUpdate.smsb",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-02733",
  "openTime": "2025-02-12",
  "patchDescription": "Samsung DSP\u9a71\u52a8\u7a0b\u5e8f\u662f\u4e09\u661f\uff08Samsung\uff09\u79fb\u52a8\u8bbe\u5907\u7684\u4e00\u4e2a\u6570\u5b57\u4fe1\u53f7\u5904\u7406\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nSamsung DSP\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u7684\u8fb9\u754c\u68c0\u67e5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8d8a\u754c\u5185\u5b58\u8bbf\u95ee\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Samsung DSP\u9a71\u52a8\u7a0b\u5e8f\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2025-02733\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Samsung Samsung Mobile devices Q(10.0)(Exynos 980\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices Q(10.0) (Exynos 9830\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices Q(10.0) (Exynos 2100\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices R(11.0) (Exynos 980\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices R(11.0) (Exynos 9830\u82af\u7247\u7ec4)",
      "Samsung Samsung Mobile devices R(11.0) (Exynos 2100\u82af\u7247\u7ec4)"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-25372",
  "serverity": "\u9ad8",
  "submitTime": "2021-04-01",
  "title": "Samsung DSP\u9a71\u52a8\u7a0b\u5e8f\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2025-02733\uff09"
}

CVE-2021-25372 (GCVE-0-2021-25372)

Vulnerability from cvelistv5 – Published: 2021-03-26 18:25 – Updated: 2025-10-21 23:25

Summary

An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

CVE-703: Improper Check or Handling of Exceptional Conditions

Assigner

Samsung Mobile

References

URL

Tags

	https://security.samsungmobile.com/securityUpdate.smsb	x_refsource_CONFIRM
	https://security.samsungmobile.com	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Samsung Mobile	Samsung Mobile Devices	Affected: Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830 , < SMR Mar-2021 Release 1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-25372",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T21:24:54.412179Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-06-29",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25372"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:50.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25372"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-06-29T00:00:00+00:00",
            "value": "CVE-2021-25372 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "SMR Mar-2021 Release 1",
              "status": "affected",
              "version": "Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CVE-703: Improper Check or Handling of Exceptional Conditions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-26T18:25:04.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25372",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Mobile Devices",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830",
                            "version_value": "SMR Mar-2021 Release 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CVE-703: Improper Check or Handling of Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb",
              "refsource": "CONFIRM",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb"
            },
            {
              "name": "https://security.samsungmobile.com",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25372",
    "datePublished": "2021-03-26T18:25:04.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:50.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-02733

CVE-2021-25372 (GCVE-0-2021-25372)

Tags

Sightings

Nomenclature