CVE-2021-25371
ENISA EUVD: EUVD-2021-12267 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
Published: 2021-03-26
EPSS Score
Source: FIRST.org · 2026-05-23
1.62%
probability
This CVE has a 1.62% probability
of being exploited in the next 30 days.
0%
Top 82.0th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)6.1
MEDIUM
Attack Vector
Physical
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
7.2
HIGH
Access Vector
Local
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:L/AC:L/Au:N/C:C/I:C/A:C
Description
VulnerabilityLookup (CNA)A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
Affected Products
Samsung Mobile
Samsung Mobile Devices
Q(10.0), R(11.0) devices with exynos980, exynos2100, exynos9830
Attack Intelligence
Google Project Zero
Discovered
Dec. 22, 2020
Patched
March 1, 2021
Reported by
???
Root Cause Analysis
???
https://security.samsungmobile.com/securityUpdate.smsb
x_refsource_CONFIRM
https://security.samsungmobile.com
x_refsource_MISC
Signal Intelligence
Confidence
95%
EPSS
1.62%
CVSS v3.1
6.1
Mentions
0
CNA Information
CNA Assigner
Samsung Mobile
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026
Published DateMar 26, 2021