CVE-2023-21492 - Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability

Vulnerability Name

Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability

Description

Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://security.samsungmobile.com/securityUpdate.smsb

https://nvd.nist.gov/vuln/detail/CVE-2023-21492