Lucene search

Samsung MobileCVELIST:CVE-2023-21489

HistoryMay 04, 2023 - 12:00 a.m.

CVE-2023-21489

2023-05-0400:00:00

CWE-787

Samsung Mobile

www.cve.org

heap out-of-bounds write

bootloader

smr may-2023 release 1

physical attacker

arbitrary code execution

7.1 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

21.8%

JSON

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.

CNA Affected

[
  {
    "vendor": "Samsung Mobile",
    "product": "Samsung Mobile Devices",
    "versions": [
      {
        "version": "Selected Android 11, 12, 13 Qualcomm devices",
        "status": "affected",
        "lessThan": "SMR May-2023 Release 1",
        "versionType": "custom"
      }
    ]
  }
]

References

security.samsungmobile.com/securityUpdate.smsb?year=2023&month=05

7.1 High

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

21.8%

JSON

Related for CVELIST:CVE-2023-21489