Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-21054

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in eCryptFS. The Samsung ID is SVE-2017-11857 (September 2018).

Published

2020-04-08T18:15:13.557

Last Modified

2024-11-21T04:02:47.597

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	android	6.0	Yes
Operating System	google	android	7.0	Yes
Operating System	google	android	7.1.0	Yes
Operating System	google	android	7.1.1	Yes
Operating System	google	android	7.1.2	Yes
Operating System	google	android	8.0	Yes
Operating System	google	android	8.1	Yes
Hardware	samsung	exynos_9610	-	No
Hardware	samsung	exynos_9820	-	No
Operating System	google	android	6.0	Yes
Hardware	qualcomm	msm8909	-	No
Hardware	qualcomm	msm9830	-	No
Hardware	samsung	exynos_3470	-	No
Hardware	samsung	exynos_5420	-	No
Hardware	unisoc	sc7715	-	No
Hardware	unisoc	sc7730	-	No
Hardware	unisoc	sc7731	-	No
Operating System	google	android	7.0	Yes
Hardware	qualcomm	msm8939	-	No
Operating System	google	android	7.1	Yes
Hardware	mediatek	m6737t	-	No
Hardware	qualcomm	msm8996	-	No
Hardware	qualcomm	sdm6xx	-	No

References

https://security.samsungmobile.com/securityUpdate.smsb Vendor Advisory ([email protected])
https://security.samsungmobile.com/securityUpdate.smsb Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)