CVE-2021-25470

7.9 HIGH

📋 TL;DR

This vulnerability in Samsung's TEEGRIS secure OS allows attackers to bypass caller verification checks in SMC calls, potentially compromising the Trusted Execution Environment. It affects Samsung mobile devices running TEEGRIS secure OS prior to October 2021 security updates. The vulnerability could allow unauthorized access to secure memory and sensitive operations.

💻 Affected Systems

Products:
  • Samsung mobile devices with TEEGRIS secure OS
Versions: TEEGRIS secure OS versions prior to SMR Oct-2021 Release 1
Operating Systems: Android with TEEGRIS secure OS
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Samsung devices using TEEGRIS secure OS for Trusted Execution Environment functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the Trusted Execution Environment, allowing extraction of encryption keys, biometric data, and other sensitive information protected by the TEE.

🟠 Likely Case

Privilege escalation allowing unauthorized access to secure functions and data within the TEE, potentially enabling further attacks on the device.

🟢 If Mitigated

Limited impact if device is patched and proper security controls are in place, though TEE compromise remains a serious concern.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and knowledge of TEE internals. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SMR Oct-2021 Release 1 and later

Vendor Advisory: https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10

Restart Required: Yes

Instructions:

1. Check for available security updates in device settings.
2. Install October 2021 security patch or later.
3. Reboot device after installation.

🔧 Temporary Workarounds

Disable unnecessary TEE services

Reduce attack surface by disabling unused secure services and applications that rely on TEE functionality.

🧯 If You Can't Patch

  • Restrict physical access to devices and implement strong device management policies
  • Monitor for unusual TEE-related activity and implement application allowlisting

🔍 How to Verify

Check if Vulnerable:

Check the device's security patch level in Settings > About phone > Software information. If the patch level is earlier than October 2021, the device is vulnerable.

Check Version:

Settings > About phone > Software information > Android security patch level

Verify Fix Applied:

Verify that the security patch level shows October 2021 or later in device settings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual TEE service calls
  • Failed SMC call attempts
  • Unexpected privilege escalation attempts

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Not applicable - requires device-level monitoring
