CVE-2023-21492 — Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability

2023-05-19 • CISA Known Exploited Vulnerability

[event] Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.

> AFFECTED SOFTWARE

Field	Value
Vendor	Samsung
Product	Mobile Devices
CWE	CWE-532
CVE ID	CVE-2023-21492
Date Added	2023-05-19
Due Date	2023-06-09
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2023-06-09

> REFERENCES

[1] https://security.samsungmobile.com/securityUpdate.smsb
[2] https://nvd.nist.gov/vuln/detail/CVE-2023-21492