CVE-2023-21492

ENISA EUVD: EUVD-2023-25660 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 Published: 2023-05-04

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.32%

probability

This CVE has a 0.32% probability of being exploited in the next 30 days.

0% Top 55.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

4.4

MEDIUM

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Description

VulnerabilityLookup (CNA)

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

Affected Products

Samsung Mobile

Samsung Mobile Devices

Selected Android 11, 12, 13 devices

samsung

android

Samsung Mobile

Samsung Mobile Devices

Selected Android 11, 12, 13 devices <SMR May-2023 Release 1

Attack Intelligence

CWE-200 · Information Exposure CWE-532 · Insertion of Sensitive Information into Log File CWE-538 · Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-664 · Improper Control of a Resource Through its Lifetime CWE-668 · Exposure of Resource to Wrong Sphere

Google Project Zero

Discovered

Jan. 17, 2021

Patched

May 1, 2023

Reported by

Clement Lecigne of the Google Threat Analysis Group

Root Cause Analysis

???

https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

Signal Intelligence

Confidenceⓘ

95%

EPSS 0.32%

CVSS v3.1 4.4

Mentions 0

CNA Information

CNA Assigner

Samsung Mobile

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026

Published DateMay 04, 2023