CVE-2018-21054

Name of the Vulnerable Software and Affected Versions Samsung mobile devices with M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420 Samsung mobile devices with N(7.0) except MSM8939 Samsung mobile devices with N(7.1) except MSM8996 SDM6xx/M6737T Samsung mobile devices with N(7.x) except exynos9610/9820 Samsung mobile devices with O(8.x) except exynos9610/9820

Description An issue was discovered in Samsung mobile devices, where there is an integer underflow with a resultant buffer overflow in eCryptFS.

Recommendations For Samsung mobile devices with M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, consider disabling the use of eCryptFS until a patch is available. For Samsung mobile devices with N(7.0) except MSM8939, restrict access to eCryptFS to minimize the risk of exploitation. For Samsung mobile devices with N(7.1) except MSM8996 SDM6xx/M6737T, avoid using eCryptFS in sensitive operations until the issue is resolved. For Samsung mobile devices with N(7.x) except exynos9610/9820, and O(8.x) except exynos9610/9820, apply configuration changes to limit the impact of the buffer overflow in eCryptFS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.