Samsung Mobile Devices Out-of-Bounds Read Vulnerability

Added to KEV: 2023-06-29
Federal due date: 2023-07-20
Vendor: Samsung
Product: Mobile Devices
EPSS: 85.8th percentile (score 0.026, as of 2026-06-08)
NVD CVSS v3.1:
Ransomware use: Unknown
Upstream: https://nvd.nist.gov/vuln/detail/CVE-2021-25487

CISA short description

Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.

Required action

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.