CVE-2018-21058 : Security Advisory and Response

A vulnerability has been identified on Samsung mobile devices running N(7.0) and O(8.0) software with Exynos7420 or Exynos 8890/8996 chipsets, exposing the Keymaster AES-GCM implementation to cache attacks.

Understanding CVE-2018-21058

This CVE refers to a security issue affecting Samsung mobile devices with specific software versions and chipsets.

What is CVE-2018-21058?

The vulnerability in CVE-2018-21058 allows cache attacks on the Keymaster AES-GCM implementation due to the absence of Cryptography Extension (CE) and the use of T-Tables.

The Impact of CVE-2018-21058

The vulnerability poses a security risk to the confidentiality and integrity of data stored on affected Samsung mobile devices.

Technical Details of CVE-2018-21058

This section provides more technical insights into the vulnerability.

Vulnerability Description

The vulnerability arises from the use of T-Tables and the absence of Cryptography Extension (CE) in the Keymaster AES-GCM implementation on Samsung devices.

Affected Systems and Versions

Samsung mobile devices running N(7.0) and O(8.0) software
Devices equipped with Exynos7420 or Exynos 8890/8996 chipsets

Exploitation Mechanism

The vulnerability allows attackers to launch cache attacks against the Keymaster AES-GCM implementation, potentially compromising sensitive data.

Mitigation and Prevention

Protecting devices from CVE-2018-21058 requires immediate actions and long-term security practices.

Immediate Steps to Take

Regularly update Samsung mobile devices with the latest security patches
Implement additional security measures to mitigate cache attacks

Long-Term Security Practices

Employ encryption techniques to safeguard sensitive data
Conduct regular security audits and assessments to identify and address vulnerabilities

Patching and Updates

Samsung has released security updates addressing CVE-2018-21058. Ensure devices are updated with the latest patches to mitigate the vulnerability.