CVE-2023-21489

HIGH

Samsung Android - Heap Out-of-bounds Write in Bootloader

Title source: llm

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.

Core 1

Core References

Vendor Advisory

CVSS v3 7.1

EPSS 0.0014

EPSS Percentile 33.5%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

CWE

CWE-787

Status published

Products (3)

samsung/android 11.0 (27 CPE variants)

samsung/android 12.0 (16 CPE variants)

samsung/android 13.0 (7 CPE variants)

Published May 04, 2023

Tracked Since Feb 18, 2026