CVE-2023-21438

LOW

Samsung Android - Improper Access Control

Title source: rule

Description

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.

References (1)

Scores

CVSS v3 2.1
EPSS 0.0008
EPSS Percentile 24.5%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Classification

CWE
CWE-284 CWE-668
Status published

Affected Products (50)

samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
samsung/android
... and 35 more

Timeline

Published Feb 09, 2023
Tracked Since Feb 18, 2026