Active debug code in Samsung Mobile Firmware - CVE-2023-21496

 

Active debug code in Samsung Mobile Firmware - CVE-2023-21496

Published: May 26, 2023


Vulnerability identifier: #VU76541
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-21496
CWE-ID: CWE-489
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Samsung
Affected software:
Samsung Mobile Firmware

Detailed vulnerability description

The vulnerability allows an attacker to escalate privileges on the device.

The vulnerability exists due to presence of an active debug code in ActivityManagerService. An attacker with physical access to device can use debug function via setting the debug level.


How to mitigate CVE-2023-21496

Install updates from vendor's website.

Sources