CVE-2021-25444

Name of the Vulnerable Software and Affected Versions Android Keystore versions prior to SMR AUG-2021 Release 1

Description The issue is related to an IV reuse vulnerability in the keymaster, which allows decryption of custom keyblobs with privileged processes. This vulnerability is associated with insufficient input validation in the Android Keystore system on Samsung Galaxy devices. The exploitation of this vulnerability may enable an attacker to bypass protection and extract private keys from a secure environment.

Recommendations For versions prior to SMR AUG-2021 Release 1, consider disabling the keymaster function temporarily until a patch is available. Restrict access to the vulnerable keymaster module to minimize the risk of exploitation. Avoid using the affected keyblob in the keymaster until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.