#VU76542 Inclusion of sensitive information in log files in Samsung Mobile Firmware - CVE-2023-21492
Published: May 26, 2023
Vulnerability identifier: #VU76542
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2023-21492
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Samsung Mobile Firmware
Software vendor:
Samsung
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists because kernel pointers are printed into the log file. A local application can read the log file and use the kernel pointers to bypass ASLR protection.
Note, the vulnerability is being exploited in the wild.
Remediation
Install updates from the vendor's website.