The U.S. CISA has warned of active exploitation of a medium severity flaw affecting Samsung devices.
The security bug tracked as CVE-2023-21492 with a CVSS score of 4.4, impacts select Samsung devices running Android versions 11, 12, and 13.
The issue is described as an information disclosure flaw that could be exploited by a privileged attacker to bypass address space layout randomization protections.
ASLR is a security technique that’s designed to thwart memory corruption and code execution flaws by obscuring the location of an executable in a device’s memory.
Samsung advisory, notified that this exploit for this issue had existed in the wild, added it was privately disclosed to the company on January 17, 2023. Other details about how the flaws are being exploited are currently not known.
The other two bugs added to the catalog is
- CVE-2004-1464 Cisco IOS Denial-of-Service Vulnerability
- CVE-2016-6415 Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
The bug was added to CISA Known Exploited Vulnerabilities Catalog, and the due date is set as June 09, 2023