CVE-2018-12037

Name of the Vulnerable Software and Affected Versions Samsung 840 EVO versions (affected versions not specified) Samsung 850 EVO versions (affected versions not specified) Samsung T3 versions (affected versions not specified) Samsung T5 versions (affected versions not specified) Crucial MX100 versions (affected versions not specified) Crucial MX200 versions (affected versions not specified) Crucial MX300 versions (affected versions not specified)

Description An issue allows attackers with privileged access to SSD firmware full access to encrypted data due to the absence of a cryptographic link between the password and the Disk Encryption Key. This issue affects devices in "ATA high" mode.

Recommendations For Samsung 840 EVO, consider disabling hardware encryption until a patch is available. For Samsung 850 EVO, consider disabling hardware encryption until a patch is available. For Samsung T3, consider disabling hardware encryption until a patch is available. For Samsung T5, consider disabling hardware encryption until a patch is available. For Crucial MX100, consider disabling hardware encryption until a patch is available. For Crucial MX200, consider disabling hardware encryption until a patch is available. For Crucial MX300, consider disabling hardware encryption until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.