CVE-2021-25476

Medium

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection…

Samsung Mobile·CWE-1295·Published 2021-10-06

CVSS

4.4

EPSS

0.00

KEV

Exploits

cve.orgen

155 chars

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

NVDen

155 chars

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

Una vulnerabilidad de divulgación de información en Widevine TA log versiones anteriores a SMR Oct-2021 Release 1, permite a atacantes omitir el mecanismo de protección ASLR en TEE

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
3.1	Primary	cve.org	4.1	—	—	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	cve.org	4.1	—	—	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	4.1	0.5	3.6	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H