Base Score

MEDIUM6.8

CVE-2023-21472

Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.

VectorPHYSICAL

Published Bymobile.security@samsung.com

Published DateSep 03, 2025, 06:15

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

6.8

Vector String

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

PHYSICAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=04

Base Score

MEDIUM6.8

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

6.8

Vector String

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

PHYSICAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH