Cyber Resilience

CVE-2023-21492

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 04 May 2023

Published
04 May 2023
Modified
28 October 2025
KEV Added
19 May 2023
Patch
CVSS Score v3.1 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0037 59.5th percentile
Risk Priority 29 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-21492 is a medium-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Samsung Android. Its CVSS base score is 4.4 (Medium).

Operationally, ranked in the top 40.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AU-3 (Content of Audit Records) and AU-9 (Protection of Audit Information).

Deeper analysis

CVE-2023-21492 is an information disclosure vulnerability in the Samsung Android kernel that stems from kernel pointers being written to log files. The flaw affects devices prior to the SMR May-2023 Release 1 security maintenance release and is tracked under CWE-532 (Insertion of Sensitive Information into Log File). With a CVSS 3.1 base score of 4.4, the issue enables partial bypass of address-space layout randomization when the logs are accessible.

A local attacker who already possesses high privileges can read the exposed pointers from the logs and use them to defeat ASLR, thereby facilitating follow-on kernel exploitation. The attack requires no user interaction and occurs entirely on the device.

Samsung’s May 2023 security bulletin addresses the issue through the SMR May-2023 Release 1 update. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. The current EPSS score of 0.0037 remains low and shows no material upward movement.

EU & UK References

Vulnerability details

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

CWE(s)
KEV Date Added
19 May 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

samsung
android
11.0, 12.0, 13.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly protects audit/log files from unauthorized access, preventing a privileged local attacker from reading kernel pointers that bypass ASLR.

prevent

Requires audit records to exclude sensitive data such as kernel pointers, eliminating the root cause of the information disclosure.

prevent

Ensures error and log messages do not contain sensitive internal addresses, stopping the unintended kernel-pointer leakage described in the CVE.

References