Samsung smartphones flaws included in the CISA vulnerability catalog

The Known Exploited Vulnerabilities Catalog maintained by the US Cybersecurity and Infrastructure Security Agency (CISA) now contains several weaknesses in Samsung smartphones. These vulnerabilities are believed to have been taken advantage of by a commercial spyware seller.

CISA recently updated its catalog to include eight new vulnerabilities. Among them are two flaws in D-Link routers and access points exploited by a variant of the Mirai botnet. The remaining six vulnerabilities affected Samsung mobile devices and were all addressed by Samsung in 2021.

One of the vulnerabilities is CVE-2021-25487, which involves an out-of-bounds read in the modem interface driver. This flaw could lead to the execution of arbitrary code. Samsung considers it a “moderate” issue, but the National Vulnerability Database (NVD) rates it as “high severity” based on the CVSS score.

Source: NIST

Another vulnerability fixed in the same round of patches from October 2021 is CVE-2021-25489. A low-severity format string bug in the modem interface driver could result in a denial-of-service condition.

Source: CISA

CISA added CVE-2021-25394 and CVE-2021-25395, both moderate-severity use-after-free bugs in the MFC charger driver. Samsung addressed these vulnerabilities in May 2021.

The remaining two vulnerabilities are CVE-2021-25371 and CVE-2021-25372. The former is a moderate-severity issue that permits an attacker to load arbitrary ELF files within the DSP driver, while the latter is a moderate-severity out-of-bounds access vulnerability in the exact driver. Samsung patched both vulnerabilities in March 2021.

Source: Linuxhint

Samsung has not updated its previous advisories to alert users about exploiting these vulnerabilities.

According to Vulnera: “Samsung still needs to update its old advisories to warn users about exploiting these vulnerabilities. No public reports describe the exploitation of the Samsung mobile device vulnerabilities added to CISA’s ‘must-patch’ list this week. However, a commercial spyware vendor is believed to have exploited them.”

Both Samsung and CISA have recently issued warnings regarding CVE-2023-21492, a kernel pointer exposure issue related to log files. 

Samsung patches exploited vulnerability in Android Smartphones in its latest May 2023 updates.
↘️https://t.co/akRpNLnQ3o pic.twitter.com/W8lqk6kKcB

— SwitHak (👁) (@SwitHak) May 22, 2023

This vulnerability allows a privileged local attacker to bypass the Address Space Layout Randomization (ASLR) exploit mitigation technique.

Concluding thoughts

Device managers and producers need to prioritize the timely dissemination of information about the vulnerabilities and their exploitation. Prompt patches, notifications, and keeping a security check is the key. 

Also, maintaining the severity of mobile devices is essential, and technology companies must pay attention to it. Stay safe and secure!