A vulnerability was found in Samsung Mobile Devices N(7.x)/O(8.x) (Smartphone Operating System). It has been rated as critical. Affected by this issue is some unknown functionality of the component Fingerprint Trustlet. The manipulation with an unknown input leads to a injection vulnerability. Using CWE to declare the problem leads to CWE-74. The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability. CVE summarizes:

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018).

The weakness was disclosed 04/08/2020 (Website). The advisory is available at security.samsungmobile.com. This vulnerability is handled as CVE-2018-21051 since 04/07/2020. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1055 by the MITRE ATT&CK project.

Applying a patch is able to eliminate this problem.

The entries 111342, 111380, 115287 and 115285 are pretty similar.

Productinfo

Type

• Smartphone Operating System

Vendor

• Samsung

Name

• Mobile Devices

Version

• N(7.x)
• O(8.x)

License

• commercial

Support

• end of life (old version)

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion