Vulnerabilities > CVE-2021-25407 - Out-of-bounds Write vulnerability in Google Android 10.0/11.0/9.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 | |
| Hardware | 4 |
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/163198/Samsung-NPU-npu_session_format-Out-Of-Bounds-Write.html
- http://packetstormsecurity.com/files/163198/Samsung-NPU-npu_session_format-Out-Of-Bounds-Write.html
- https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
- https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6