Details of VAR-202110-0159

ID

VAR-202110-0159

CVE

CVE-2021-25479

TITLE

Samsung LTE RRC Buffer Overflow Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-86544

DESCRIPTION

A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Samsung LTE RRC is a protocol in Samsung mobile devices. The RRC word layer has many functions, including the broadcast of non-access stratum (NAS) related system information, the broadcast of access stratum (AS) related system information, and paging , establishing, maintaining and releasing the RRC connection between the UE and the E-UTRAN

Trust: 1.44

sources: NVD: CVE-2021-25479 // CNVD: CNVD-2022-86544

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-86544

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	eq	version:	10.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	9.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	11.0	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	8.1	Trust: 1.0
vendor:	samsung	model:	mobile devices r	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices q	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices o	scope:	-	version:	-	Trust: 0.6
vendor:	samsung	model:	mobile devices p	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-86544 // NVD: CVE-2021-25479

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-25479
value:	HIGH
Trust: 1.0
mobile.security@samsung.com:	CVE-2021-25479
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2022-86544
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202110-335
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-25479
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2022-86544
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-25479
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNVD: CNVD-2022-86544 // CNNVD: CNNVD-202110-335 // NVD: CVE-2021-25479 // NVD: CVE-2021-25479

PROBLEMTYPE DATA

problemtype:	CWE-122	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0

sources: NVD: CVE-2021-25479

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-335

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202110-335

PATCH

title:	Patch for Samsung LTE RRC Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/354541	Trust: 0.6
title:	Samsung SMR Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165710	Trust: 0.6

sources: CNVD: CNVD-2022-86544 // CNNVD: CNNVD-202110-335

EXTERNAL IDS

db:	NVD	id:	CVE-2021-25479	Trust: 2.2
db:	CNVD	id:	CNVD-2022-86544	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-335	Trust: 0.6

sources: CNVD: CNVD-2022-86544 // CNNVD: CNNVD-202110-335 // NVD: CVE-2021-25479

REFERENCES

url:	https://security.samsungmobile.com/securityupdate.smsb?year=2021&month=10	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-25479	Trust: 1.2
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-march-2022-37726	Trust: 0.6
url:	https://source.android.com/security/bulletin/pixel/2022-03-01	Trust: 0.6

sources: CNVD: CNVD-2022-86544 // CNNVD: CNNVD-202110-335 // NVD: CVE-2021-25479

SOURCES

db:	CNVD	id:	CNVD-2022-86544
db:	CNNVD	id:	CNNVD-202110-335
db:	NVD	id:	CVE-2021-25479

LAST UPDATE DATE

2024-08-14T14:03:03.816000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-86544	date:	2022-12-12T00:00:00
db:	CNNVD	id:	CNNVD-202110-335	date:	2022-03-08T00:00:00
db:	NVD	id:	CVE-2021-25479	date:	2021-10-13T18:11:51.067

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-86544	date:	2022-12-09T00:00:00
db:	CNNVD	id:	CNNVD-202110-335	date:	2021-10-06T00:00:00
db:	NVD	id:	CVE-2021-25479	date:	2021-10-06T18:15:09.160