CVE-2023-21492
Published 2023-05-04
CVE-2023-21492: Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
Priority P275 · medium · CVSS 3.1: 4.4
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA Known Exploited Vulnerability (KEV), due 2023-06-09
Exploited in the wild (ITW)
EPSS: 2.55% (83.1th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| samsung | android | — | — |
| samsung | android | — | — |
| samsung | android | — | — |
| samsung_mobile | samsung_mobile_devices | >= Selected Android 11, 12, 13 devices < SMR May-2023 Release 1 | SMR May-2023 Release 1 |
Detection & IOCs (extracted from sources)
- Look for privileged local processes reading kernel pointer values from Android log files (logcat/dmesg), which could indicate ASLR bypass reconnaissance on Samsung devices running Android 11, 12, or 13.
- Monitor for privileged local attacker activity on Samsung Mobile Devices targeting log file contents to extract sensitive kernel pointer information for ASLR bypass.
- Vulnerability is only present on Samsung Mobile Devices prior to SMR May-2023 Release 1; devices patched at or after this release are not affected.
- Exploitation requires a privileged local attacker; remote or unprivileged exploitation is not indicated by available sources.
- Affected Android versions are limited to 11, 12, and 13 on Samsung Mobile Devices; other Android versions or OEMs are not confirmed affected.
CVSS provenance
- nvd · v3.1 · 4.4 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- vulncheck · 4.4 MEDIUM
- cisa · 4.4 MEDIUM
CISA
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
cisa·2023-05-19·CVSS 4.4
CVE-2023-21492 [MEDIUM] CWE-532 Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
Vulnerability: Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
Affected: Samsung Mobile Devices
Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.
Required Action: Apply updates per vendor instructions.
Notes: https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2023-21492
Remediation Due Date: 2023-06-09
GHSA
GHSA-v36x-x4cv-7vr2: Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR
ghsa_unreviewed·2023-05-04
CVE-2023-21492 [MEDIUM] CWE-532 GHSA-v36x-x4cv-7vr2: Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR
VulnCheck
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
vulncheck·2023·CVSS 4.4
CVE-2023-21492 [MEDIUM] CWE-532 Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.
Affected: Samsung Mobile Devices
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/uploads/2024/02/02/dcc93e586f9028c68e7ab34c3326ff31.pdf; https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_
No detection rules found.
No public exploits indexed.
arXiv
One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices
arxiv_fulltext·2024-03-12
Marco Chilese¹, Richard Mitev¹, Meni Orenbach², Robert Thorburn³, Ahmad Atamli²,³, Ahmad-Reza Sadeghi¹
¹Technical University of Darmstadt, ²NVIDIA, ³University of Southampton
## Abstract
Control-Flow Attestation (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on a remote computer system (prover). Existing CFA schemes suffer from impractical assumptions, such as requiring access to the prover's internal state (e.g., memory or code), the complete Control-Flow Graph (CFG) of the prover's software, large sets of measurements, or tailor-made hardware. Moreover, current CFA schemes are inadequate for attesting embedded systems due to their high computat
Checkpoint
22nd May – Threat Intelligence Report
blogs_checkpoint·2023-05-22
CVE-2023-32243 22nd May – Threat Intelligence Report
## 22nd May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 22nd May, please download our Threat_Intelligence Bulletin
TOP ATTACKS AND BREACHES
PharMerica, a provider of pharmacy services across the U.S., disclosed a data breach impacting approximately 5.8 million of its patients. Money Message ransomware gang claimed the attack during April, and threatened to leak 4.7 TB of stolen data.
Check Point Harmony Endpoint and Threat Emulation provide protection against this thr
2023-05-04: Published
2023-05-19: Added to CISA KEV
Exploited in the wild