CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jun 9, 2023

CVE-2023-21492

High

EPSS 0.4%CISA KEV

Samsung/Mobile Devices

Description

Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.

EPSS — Exploit Probability

0.4%

Higher than 60.7% of all CVEs

Required Action

https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2023-21492

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 0.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

May 19, 2023

Added to KEV

May 19, 2023

Remediation Due

Jun 9, 2023

Affected Product

Samsung

Mobile Devices

View all Samsung CVEs

External Links

NVD (NIST)CVE Details MITRE CVE