Active debug code in Samsung Mobile Firmware - CVE-2023-21496
Published: May 26, 2023
Vulnerability identifier: #VU76541
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-21496
CWE-ID: CWE-489
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Samsung
Affected software:
Samsung Mobile Firmware
Samsung Mobile Firmware
Detailed vulnerability description
The vulnerability allows an attacker to escalate privileges on the device.
The vulnerability exists due to presence of an active debug code in ActivityManagerService. An attacker with physical access to device can use debug function via setting the debug level.
How to mitigate CVE-2023-21496
Install updates from vendor's website.