CVE-2023-21492
MEDIUM KEV
Samsung Android - Kernel Pointer Disclosure in Log File
Title source: llm
Exploitation Summary
CVE-2023-21492 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 19, 2023.
Description
Kernel pointers printed in the log file prior to SMR May-2023 Release 1 allow a privileged local attacker to bypass ASLR.
References (2)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21492
Scores
CVSS v3
4.4
EPSS
0.0037
EPSS Percentile
59.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2023-05-19
VulnCheck KEV
2021-01-17
InTheWild.io
2021-01-17
ENISA EUVD
EUVD-2023-25660
CWE
CWE-532
Status
published
Products (3)
samsung/android
11.0 (30 CPE variants)
samsung/android
12.0 (19 CPE variants)
samsung/android
13.0
Published
May 04, 2023
KEV Added
May 19, 2023
Tracked Since
Feb 18, 2026