PT-2020-8702 · Samsung · Samsung Mobile Devices With N(7.0)+1

Published

2020-04-08

Updated

2020-04-13

CVE-2018-21058

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Samsung mobile devices with N(7.0) software Samsung mobile devices with O(8.0) software

Description An issue was discovered on Samsung mobile devices, where cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used and the Cryptography Extension (CE) is not used.

Recommendations For Samsung mobile devices with N(7.0) software, update to a version that uses the Cryptography Extension (CE) to mitigate the risk of cache attacks. For Samsung mobile devices with O(8.0) software, update to a version that uses the Cryptography Extension (CE) to mitigate the risk of cache attacks.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2018-21058

Affected Products

Samsung Mobile Devices With N(7.0)

Samsung Mobile Devices With O(8.0)

PT-2020-8702 · Samsung · Samsung Mobile Devices With N(7.0)+1

CVE-2018-21058

Weakness Enumeration

Related Identifiers

Affected Products

References · 4