Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-21070

An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018).

Published

2020-04-08T18:15:14.447

Last Modified

2024-11-21T04:02:49.910

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.4 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-354

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	android	7.0	Yes
Operating System	google	android	7.1.0	Yes
Operating System	google	android	7.1.1	Yes
Operating System	google	android	7.1.2	Yes
Operating System	google	android	8.0	Yes
Hardware	qualcomm	msm8998	-	No
Hardware	qualcomm	sdm845	-	No

References

https://security.samsungmobile.com/securityUpdate.smsb Vendor Advisory ([email protected])
https://security.samsungmobile.com/securityUpdate.smsb Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)