CVE-2023-21492

high-risk

Published 2023-05-04

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

Do I need to act?

-

0.57% chance of exploitation

EPSS score — low exploit probability

!

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.4/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Android

Affected Vendors

Samsung

References (3)

Vendor Advisory https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

Vendor Advisory https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-...

52

/ 100

high-risk

Severity 15/34 · Moderate

Exploitability 9/34 · Low

Exposure 28/34 · Critical