CVE-2021-25487

Known Exploited (CISA KEV)HIGH

7.3

CVSS Severity Score

EPSS Score49.1600%

EPSS Percentile97.27th

PublishedOct 6, 2021

Last ModifiedOct 30, 2025

Vulnerability Description

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

Affected Platforms (CPE)

💻

Samsung

Android

= 8.1

💻

Samsung

Android

= 9.0

💻

Samsung

Android

= 9.0

💻

Samsung

Android

= 9.0

💻

Samsung

Android

= 9.0

💻

Samsung

Android

= 9.0

💻

Samsung

Android

= 9.0

💻

Samsung

Android

= 9.0

💻

Samsung

Android

= 9.0

💻

Samsung

Android

= 9.0

💻

Samsung

Android

= 10.0

💻

Samsung

Android

= 10.0

💻

Samsung

Android

= 10.0

💻

Samsung

Android

= 10.0

💻

Samsung

Android

= 10.0

💻

Samsung

Android

= 10.0

💻

Samsung

Android

= 10.0

💻

Samsung

Android

= 10.0

💻

Samsung

Android

= 10.0

💻

Samsung

Android

= 11.0

💻

Samsung

Android

= 11.0

💻

Samsung

Android

= 11.0

💻

Samsung

Android

= 11.0

💻

Samsung

Android

= 11.0

💻

Samsung

Android

= 11.0

💻

Samsung

Android

= 11.0

💻

Samsung

Android

= 11.0

💻

Samsung

Android

= 11.0

References & Advisories

🔗 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-25487

Vulnerability Description

Affected Platforms (CPE)

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

References & Advisories

Related Vulnerabilities