One of the vulnerabilities that Samsung's May update closes is even listed by CISA - Cybersecurity and Infrastructure Security Agency - as CVE-2023-21492. According to CISA, the vulnerability is even being actively exploited. Samsung's automatic system update alleviates the problem.
The CVE-2023-21492 vulnerability describes a security hole in Samsung mobile devices by inserting sensitive information in log files. The CISA not only lists the vulnerability, but also indicates that it is already being actively exploited. However, there is no further indication of the form in which this occurs.
Samsung May update closes over 50 gaps
Samsung provides users with the appropriate fixes for the security gap with its May update. In total, the update closes 4 critical vulnerabilities, 48 high-risk vulnerabilities, and a few moderate bugs. However, Samsung does not describe some gaps because that would probably be too explosive. The description of the vulnerability CVE-2023-21492 is only moderate. The description says: disclosure of kernel pointers in the log file. Kernel pointers are printed in the log file before SMR Release 1 May 2023 allows a privileged local attacker to bypass ASLR. The patch removes kernel pointers in the log file.
More at Samsungmobile.com