⚠ Actively exploited
Added to CISA KEV on 2023-05-19. Federal agencies required to patch by 2023-06-09. Required action: Apply updates per vendor instructions.

CVE-2023-21492: Log File Information Exposure in Mobile Devices

Severity: 4.4 MEDIUM (NVD)
EPSS: 0.6% (top 31.20%)
CISA KEV: Added 2023-05-19 | Due 2023-06-09
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published May 4 | KEV added May 19 | KEV due Jun 9
CISA Required Action: Apply updates per vendor instructions.

Description

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1, which allows a privileged local attacker to bypass ASLR.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | samsung_mobile/samsung_mobile_devices | Selected Android 11, 12, 13 devices | SMR May-2023 Release 1
NVD | samsung/android | 11.0, 12.0, 13.0 +2

🔴 Vulnerability Details (3)

CVEList | CVE-2023-21492: Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR | 2023-05-04
GHSA | GHSA-v36x-x4cv-7vr2: Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR | 2023-05-04
VulnCheck | Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | 2023

📋 Vendor Advisories (1)

CISA | Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | 2023-05-19