CVSS: 4.4EPSS: 0%CPEs: 51EXPL: 0CVE-2023-21492 – Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
https://notcve.org/view.php?id=CVE-2023-21492
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-21098
https://notcve.org/view.php?id=CVE-2023-21098
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260567867 • https://source.android.com/security/bulletin/2023-04-01 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21091
https://notcve.org/view.php?id=CVE-2023-21091
In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. This could lead to local denial of service across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257954050 • https://source.android.com/security/bulletin/2023-04-01 • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-21088
https://notcve.org/view.php?id=CVE-2023-21088
In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-235823542 • https://source.android.com/security/bulletin/2023-04-01 •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21084
https://notcve.org/view.php?id=CVE-2023-21084
In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262892300 • https://source.android.com/security/bulletin/2023-04-01 •