VYPR
Unrated severity · NVD Advisory · Published Oct 6, 2021 · Updated Aug 3, 2024

CVE-2021-25474

Description

Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper exception handling for the multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker with shell privileges to cause a permanent denial of service.

Vulnerability

The vulnerability resides in the SystemUI component of Samsung devices, specifically in the handling of the multi_sim_bar_show_on_qspanel value. An improper exception handling bug exists in versions prior to the SMR Oct-2021 Release 1 update [1]. An attacker who has already gained shell privileges on the device can exploit this issue.

Exploitation

An attacker must first obtain shell-level access on the device. With this privilege, they can manipulate the multi_sim_bar_show_on_qspanel value in a way that triggers an unhandled exception within SystemUI. This causes the SystemUI process to crash repeatedly, resulting in a permanent denial of service (DoS) condition.

Impact

Successful exploitation leads to a permanent denial of service for the user. The device becomes unusable and requires a factory reset to restore functionality. No data exfiltration or privilege escalation is described; the impact is solely availability.

Mitigation

The vulnerability is addressed in the SMR Oct-2021 Release 1 security update for Samsung devices [1]. Users are advised to install the update to prevent exploitation. No workarounds have been provided.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 1
