cbcvebase.
CVE-2023-21492
published 2023-05-04

CVE-2023-21492: Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

PriorityP275medium4.4CVSS 3.1
AVLACLPRHUINSUCHINAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2023-06-09
Exploited in the wild
EPSS
2.55%
83.1th percentile
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

Affected

4 ranges
VendorProductVersion rangeFixed in
samsungandroid
samsungandroid
samsungandroid
samsung_mobilesamsung_mobile_devices>= Selected Android 11, 12, 13 devices < SMR May-2023 Release 1SMR May-2023 Release 1

Detection & IOCsextracted from sources · hover to see the quote

  • Look for privileged local processes reading kernel pointer values from Android log files (logcat/dmesg), which could indicate ASLR bypass reconnaissance on Samsung devices running Android 11, 12, or 13
  • Monitor for privileged local attacker activity on Samsung Mobile Devices targeting log file contents to extract sensitive kernel pointer information for ASLR bypass
  • ·Vulnerability is only present on Samsung Mobile Devices prior to SMR May-2023 Release 1; devices patched at or after this release are not affected
  • ·Exploitation requires a privileged local attacker; remote or unprivileged exploitation is not indicated by available sources
  • ·Affected Android versions are limited to 11, 12, and 13 on Samsung Mobile Devices; other Android versions or OEMs are not confirmed affected

CVSS provenance

nvdv3.14.4MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
vulncheck4.4MEDIUM
cisa4.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.