CVE-2023-21492 is an information disclosure flaw that allows an attacker to bypass memory address randomization protections (ASLR, Address Space Layout Randomization). These protections are designed to prevent an attacker from easily reading or identifying memory locations for a specific process or binary. By randomizing the layout, it becomes harder to inject code, or to read back malicious code pushed into memory for later use (in overly simplistic terms).
The discovery of a vulnerability with such a low CVSS score (4.4) being actively exploited in the wild is a great illustration of why the common practice of patching only critical and high vulnerabilities no longer matches the threat landscape. Following this practice (as Samsung might have done), this vulnerability would be left on the table and not patched. Attackers know this and will move in to leverage an exposure that has been left behind.
Instead of just going after the high and critical vulnerabilities, organizations should enrich their data with EPSS and KEV data (Exploitation Probability Scoring System and Known Exploited Vulnerabilities). Layering this data onto existing CVSS data helps prioritize remediation efforts to reduce exposure to attack. This is not saying that you should not remediate critical and high vulnerabilities, but that you should focus on removing known and probable attack vectors first to reduce the risk of compromise, rather than only on what sits at the top of the CVSS scale.
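The prioritization described above, as an added example that is not part of the original post: a CVSS-only ranking is placed beside a KEV-then-EPSS-then-CVSS ranking over a constructed inventory. CVE-2023-21492's CVSS score of 4.4 and its in-the-wild exploitation come from the post; its EPSS value, the other three records (placeholder IDs), and the 0.10 EPSS threshold are assumptions made for this example.

```python
from dataclasses import dataclass

# EPSS probability above which a vulnerability is treated as "probably
# exploited" even without a KEV entry. Chosen for this example; tune per program.
EPSS_THRESHOLD = 0.10


@dataclass(frozen=True)
class Vuln:
    cve: str
    cvss: float   # CVSS base score, 0.0-10.0
    epss: float   # EPSS probability of exploitation in the next 30 days, 0.0-1.0
    in_kev: bool  # listed in the CISA Known Exploited Vulnerabilities catalog


def tier(v: Vuln) -> int:
    """Lower tier = remediate sooner. KEV beats EPSS, EPSS beats CVSS severity."""
    if v.in_kev:
        return 0
    if v.epss >= EPSS_THRESHOLD:
        return 1
    if v.cvss >= 7.0:
        return 2
    return 3


def rank_by_cvss(vulns):
    """The practice the post criticizes: highest CVSS first, nothing else considered."""
    return [v.cve for v in sorted(vulns, key=lambda v: -v.cvss)]


def rank_enriched(vulns):
    """KEV first, then EPSS-probable, then high CVSS; EPSS and CVSS break ties."""
    return [v.cve for v in sorted(vulns, key=lambda v: (tier(v), -v.epss, -v.cvss))]


# Constructed sample inventory. Only CVE-2023-21492's CVSS (4.4) and its
# exploited-in-the-wild status come from the post; everything else is made up.
SAMPLE = [
    Vuln("CVE-2023-21492", 4.4, 0.02, True),
    Vuln("CVE-XXXX-AAAA", 9.8, 0.01, False),  # placeholder: critical, rarely exploited
    Vuln("CVE-XXXX-BBBB", 6.5, 0.35, False),  # placeholder: medium, but EPSS says likely
    Vuln("CVE-XXXX-CCCC", 7.5, 0.00, False),  # placeholder: high, no exploitation signal
]

if __name__ == "__main__":
    print("CVSS only:", rank_by_cvss(SAMPLE))   # the 4.4 lands last
    print("Enriched :", rank_enriched(SAMPLE))  # the 4.4 lands first
```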