US CISA Issues Warning on Actively Exploited Samsung Vulnerability

May 20, 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) has added the CVE-2023-21492 vulnerability to its Known Exploited Vulnerabilities Catalog, warning of active exploitation of the flaw in Samsung devices. The vulnerability has a CVSS score of 4.4 and affects Samsung mobile devices running Android 11, 12, and 13. It is characterized as an insertion of sensitive information into log file vulnerability, which allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.

Samsung was informed of the issue on January 17, 2023, and addressed it by removing kernel pointers in the log file. The advisory published by Samsung states, “Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.” The company also revealed that an exploit for this issue existed in the wild but did not provide further details about the attacks. It is likely that the vulnerability was combined with other flaws to compromise vulnerable Samsung devices.

CISA also discussed another issue in its latest update, relating to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. According to this directive, Federal Civil Executive Branch (FCEB) agencies must address the identified vulnerabilities by the specified due date to safeguard their networks against attacks exploiting the flaws in the catalog. Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure. CISA has set a deadline of June 9, 2023, for federal agencies to fix the CVE-2023-21492 flaw.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.