Main Vulnerability Database Vulnerabilities #VU34491

#VU34491 Input validation error in Google Android - CVE-2018-21063

Published: April 8, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34491

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-21063

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Google Android

Software vendor:
Google

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018).

Remediation

Install update from vendor's website.

External links

https://security.samsungmobile.com/securityUpdate.smsb