CVE-2022-39897
Description
Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Kernel address information is exposed via log in Samsung devices prior to SMR Dec-2022 Release 1, allowing local attackers to access sensitive kernel addresses.
Vulnerability
The kernel in Samsung mobile devices prior to SMR Dec-2022 Release 1 contains an exposure of sensitive information vulnerability. The kernel address information is logged, allowing local attackers to access kernel addresses. Affected versions include all kernel versions before the December 2022 security update [1].
Exploitation
An attacker with local access to the device can read kernel logs to obtain kernel address information. No special privileges are required beyond local access; the attacker simply needs to access the log output where kernel addresses are inadvertently exposed [1].
Impact
Successful exploitation allows the attacker to obtain kernel address information, which can be used to bypass kernel address space layout randomization (KASLR) and aid in further exploitation, potentially leading to more severe attacks [1].
Mitigation
Samsung released the fix in SMR Dec-2022 Release 1. Users should update to the latest security patch to mitigate this vulnerability. No workarounds are documented in the available references [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < SMR Dec-2022
- Range: Selected Q(10), R(11), S(12) Qualcomm devices
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.