← back
CVE-2023-21492

CVE-2023-21492

CVSS 4.4 MEDIUMEPSS 2.6%● KEVCWE-532
In short

The system logs kernel memory addresses in plain text, allowing a privileged attacker on the same machine to predict where code is located in memory and bypass security protections.

Technical detail

CWE-532 (Information Exposure through Log Files) enables a privileged local attacker to read kernel pointers from log files, defeating ASLR (Address Space Layout Randomization) protections. The vulnerability requires local access and elevated privileges but compromises a fundamental memory randomization defense mechanism.

Summary generated and translated by AI from the official description.
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
Samsung Mobile · Samsung Mobile Devices

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21492