CVE-2021-25410 – This vulnerability in Samsung's CallBGProvider ... (How to Fix)

Q: What is the severity of CVE-2021-25410?

CVE-2021-25410 has a CVSS score of 7.1 (HIGH). This vulnerability in Samsung's CallBGProvider component allows local attackers to bypass access controls and read arbitrary files with elevated privileges. It affects Samsung devices running Android prior to the June 2021 security update. Attackers need local access to the device to exploit this flaw.

📋 TL;DR

This vulnerability in Samsung's CallBGProvider component allows local attackers to bypass access controls and read arbitrary files with elevated privileges. It affects Samsung devices running Android prior to the June 2021 security update. Attackers need local access to the device to exploit this flaw.

💻 Affected Systems

Products:

Samsung Android devices

Versions: Android versions prior to SMR JUN-2021 Release 1

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects the CallBGProvider component in Samsung's Android implementation. All devices with vulnerable versions are affected by default.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attackers could access sensitive system files, user data, or credentials stored on the device, potentially leading to complete device compromise.

🟠

Likely Case

Local malicious apps or users could access private user data, configuration files, or other sensitive information they shouldn't have permission to read.

🟢

If Mitigated

With proper access controls, only authorized system components can access the protected files, preventing unauthorized data exposure.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring physical or local access to the device.

🏢 Internal Only: MEDIUM - In enterprise environments, malicious insiders or compromised devices could exploit this to access sensitive data on affected Samsung devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access to the device. The vulnerability details and exploitation methods have been publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR JUN-2021 Release 1 or later

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings > Software update. 2. Install the June 2021 security update or later. 3. Restart the device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary permissions

android

Review and restrict app permissions, especially for apps that don't need access to system components or files.

🧯 If You Can't Patch

Restrict physical access to devices and implement strong device management policies
Monitor for suspicious file access patterns and implement application whitelisting

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Software information. If patch level is earlier than June 2021, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'June 1, 2021' or later in Settings > About phone > Software information.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns from non-system apps
Access attempts to protected system directories

Network Indicators:

Not applicable - local vulnerability

SIEM Query:

Look for file access events from non-system processes to sensitive directories like /data, /system, or application-specific protected storage

📊 Metadata

CVE ID: CVE-2021-25410

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-20

Published: June 11, 2021

Last Updated: November 21, 2024

🔗 References

https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/ Exploit,Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 Vendor Advisory
https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/ Exploit,Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-25410, you might also want to check these: