Login Sign Up

CVE-2021-25407

7.8 HIGH

📋 TL;DR

This vulnerability allows an attacker to write arbitrary data to memory in Samsung's NPU (Neural Processing Unit) driver, potentially leading to system compromise. It affects Samsung devices with NPU hardware prior to the June 2021 security update. Attackers could exploit this to gain elevated privileges or execute arbitrary code.

💻 Affected Systems

Products:
  • Samsung devices with NPU hardware
Versions: All versions prior to SMR JUN-2021 Release 1
Operating Systems: Android with Samsung modifications
Default Config Vulnerable: ⚠️ Yes
Notes: Requires NPU hardware present; affects Samsung's custom driver implementation.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level code execution, allowing complete device control, data theft, and persistence.

🟠

Likely Case

Local privilege escalation from a compromised app to kernel-level access, enabling further attacks on the device.

🟢

If Mitigated

Limited impact with proper app sandboxing and security updates, potentially preventing exploitation entirely.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access; public proof-of-concept exists demonstrating the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR JUN-2021 Release 1 or later

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6

Restart Required: Yes

Instructions:

1. Check for system updates in device settings. 2. Install the June 2021 security update or later. 3. Reboot the device after installation.

🔧 Temporary Workarounds

Disable NPU functionality

android

Temporarily disable NPU features if not required, though this may impact device performance.

🧯 If You Can't Patch

  • Restrict app installations to trusted sources only
  • Implement strict app permission controls and monitor for suspicious behavior

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Software information. If patch level is earlier than June 2021, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Confirm security patch level shows 'June 1, 2021' or later in device settings.

📡 Detection & Monitoring

Log Indicators:

  • Kernel crash logs related to NPU driver
  • Unexpected NPU driver activity

SIEM Query:

Device logs showing security patch level older than June 2021 combined with suspicious process activity

📊 Metadata

CVE ID: CVE-2021-25407
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: June 11, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-25407, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)