Cybersecurity Alerts

Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability

Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-532

References

• https://security.samsungmobile.com/securityUpdate.smsb
• https://nvd.nist.gov/vuln/detail/CVE-2023-21492