CVE-2023-21492
Published: 04 May 2023
Summary
CVE-2023-21492 is a medium-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Samsung Android. Its CVSS base score is 4.4 (Medium).
Operationally, it ranks in the top 40.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AU-3 (Content of Audit Records) and AU-9 (Protection of Audit Information).
Deeper analysis
CVE-2023-21492 is an information disclosure vulnerability in the Samsung Android kernel that stems from kernel pointers being written to log files. The flaw affects devices prior to the SMR May-2023 Release 1 security maintenance release and is tracked under CWE-532 (Insertion of Sensitive Information into Log File). With a CVSS 3.1 base score of 4.4, the issue enables partial bypass of address-space layout randomization when the logs are accessible.
A local attacker who already possesses high privileges can read the exposed pointers from the logs and use them to defeat ASLR, thereby facilitating follow-on kernel exploitation. The attack requires no user interaction and occurs entirely on the device.
Samsung’s May 2023 security bulletin addresses the issue through the SMR May-2023 Release 1 update. The vulnerability is also listed in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. The current EPSS score of 0.0037 remains low and shows no material upward movement.
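The root cause described above is a CWE-532 pattern: raw kernel virtual addresses ending up in a log that a privileged local reader can collect. The following Python is an added example, not code from the page, Samsung or the Linux kernel project. It checks a set of constructed driver log lines for raw 64-bit kernel pointers (distinguishing them from the kernel's hashed `%p` output) and shows the AU-3 style fix of replacing each address with a keyed hash so that entries stay correlatable without disclosing layout. The log lines, the key and the `samsung_drv` tag are constructed for the example.

```python
import hashlib
import re

# Matches 64-bit kernel virtual addresses (top 16 bits set, as on arm64 and
# x86-64 kernels), with or without a 0x prefix, that are not part of a longer
# hex run. Hashed %p output ("(____ptrval____)" or a zero-padded 32-bit hash)
# does not match, which is exactly the distinction the CWE-532 finding hinges on.
KERNEL_PTR_RE = re.compile(
    r"(?<![0-9a-fA-F])(?:0x)?(ffff[0-9a-fA-F]{12})(?![0-9a-fA-F])"
)

# Constructed sample of driver log lines (not real Samsung output).
SAMPLE_LOG = [
    "[   12.345678] samsung_drv: probe ok, ctx at ffffffc0123a8000",
    "[   12.345690] samsung_drv: irq handler 0xffffff8008012340 registered",
    "[   12.345700] samsung_drv: buffer (____ptrval____) mapped",
    "[   12.345710] samsung_drv: user fd 42, size 4096",
    "[   12.345720] samsung_drv: hashed ptr 00000000ab12cd34",
    "[   12.345730] samsung_drv: release ctx ffffffc0123a8000",
]


def find_kernel_pointers(lines):
    """Return (1-based line number, lowercase address) for every raw kernel
    pointer found in the log lines."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for m in KERNEL_PTR_RE.finditer(line):
            hits.append((n, m.group(1).lower()))
    return hits


def log_leaks_pointers(lines):
    """True if any line would hand an ASLR-defeating address to a log reader."""
    return bool(find_kernel_pointers(lines))


def redact_pointers(lines, key):
    """Replace raw pointers with a keyed 48-bit hash so entries stay correlatable
    (same address -> same token) without revealing the kernel layout.
    Mirrors the idea behind the kernel's hashed %p; BLAKE2b is used here."""
    def token(addr):
        digest = hashlib.blake2b(addr.encode(), key=key, digest_size=6).hexdigest()
        return "ptr-" + digest  # 12 hex digits: cannot match KERNEL_PTR_RE

    return [KERNEL_PTR_RE.sub(lambda m: token(m.group(1).lower()), line)
            for line in lines]


if __name__ == "__main__":
    for n, addr in find_kernel_pointers(SAMPLE_LOG):
        print(f"line {n}: raw kernel pointer {addr}")
    for line in redact_pointers(SAMPLE_LOG, b"constructed-key"):
        print(line)
```

Run against a captured `dmesg` or logcat dump, `find_kernel_pointers` gives a quick audit of whether a build still prints unhashed addresses; the redaction step is the shape of fix a log-emitting component should apply at the source rather than relying solely on restricting who can read the file.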
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-25660
Vulnerability details
Kernel pointers printed in the log file prior to SMR May-2023 Release 1 allow a privileged local attacker to bypass ASLR.
- CWE(s): CWE-532
- KEV Date Added: 19 May 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- AU-9 (Protection of Audit Information): directly protects audit/log files from unauthorized access, preventing a privileged local attacker from reading kernel pointers that bypass ASLR.
- AU-3 (Content of Audit Records): requires audit records to exclude sensitive data such as kernel pointers, eliminating the root cause of the information disclosure.
- Ensures error and log messages do not contain sensitive internal addresses, stopping the unintended kernel-pointer leakage described in the CVE.