CVE-2021-25370

CISA description

Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.

Required action

Apply updates per vendor instructions.

Notes & references

• https://security.samsungmobile.com/securityUpdate.smsb
• https://nvd.nist.gov/vuln/detail/CVE-2021-25370

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

• RA-5 · Vulnerability Monitoring and Scanning
• SI-2 · Flaw Remediation
• CM-6 · Configuration Settings
• SI-7 · Software, Firmware, and Information Integrity
• CM-8 · System Component Inventory

External lookups

• NVD · CVE-2021-25370
• CVE.org · CVE-2021-25370
• CISA KEV catalog (canonical)