CVE-2023-21492

CVE Published	2023-05-04
Related CWE(s)	CWE-532: Insertion of Sensitive Information into Log File
Related Vendor(s)	samsung
Related Product(s)	android
Exploitation Reported (CISA KEV)	2023-05-19
CVSS 3 Base Score	4.4 (MEDIUM)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	LOCAL

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

Fuzzing for application mapping (CAPEC-215)

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.

References

CVE.org

View more information about CVE-2023-21492 on the official MITRE CVE website.

NIST National Vulnerability Database

CVE-2023-21492 on the NIST NVD.

CISA Known Exploited Vulnerabilities