According to The Hacker News , the vulnerability is assigned the tracking code CVE-2023-21492 with a CVSS score of 4.4, affecting some Samsung devices using Android 11, 12 and 13. The Korean electronics company describes it as an information disclosure vulnerability that can be exploited to bypass operating system memory protection measures (ASLR).

ASLR is a security technique designed to prevent heap overflows and code execution flaws by hiding the location of executable files in a device's memory. Samsung said the vulnerability was privately disclosed to the company on January 17, 2023.

Details of how the vulnerability was exploited are not yet known, but vulnerabilities in Samsung phones have been used by commercial spyware vendors to deploy malware.

In August 2020, Google's Project Zero team demonstrated a zero-click remote MMS attack that leveraged two buffer overwrite vulnerabilities in the Quram qmg library (tracked by SVE-2020-16747 and SVE-2020-17675) to defeat the ASLR technique and execute code.

In response to the abuse, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, along with two Cisco IOS vulnerabilities (tracked as CVE-2004-1464 and CVE-2016-6415). CISA urged agencies to apply the patches by June 9, 2023.

Last week, CISA also added seven vulnerabilities to KEV, the oldest of which is a 13-year-old bug affecting Linux (CVE-2010-3904) that allows attackers to escalate privileges to the highest level.