CVE-2018-21058
Description
Samsung mobile devices with Exynos chipsets are vulnerable to cache attacks on Keymaster AES-GCM due to T-Table usage, enabling key extraction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An issue exists in the Keymaster AES-GCM implementation on Samsung mobile devices running Android N (7.0) or O (8.0) with Exynos 7420, 8890, or 8996 chipsets. The implementation uses T-Tables for AES-GCM operations instead of the Cryptography Extension (CE), making it susceptible to cache side-channel attacks [1].
Exploitation
An attacker with local access to the device and the ability to run unprivileged code can perform cache-timing analysis. By monitoring cache behavior during AES-GCM operations, the attacker can recover secret key material. No special permissions beyond user-level code execution are required.
Impact
Successful exploitation allows an attacker to extract cryptographic keys used by the Keymaster hardware-backed keystore. This compromises the confidentiality and integrity of all data protected by those keys, including encryption keys for storage, authentication tokens, and DRM content.
Mitigation
Samsung addressed this issue in a security update released in September 2018, identified by SVE-2018-12761 [1]. Users should ensure their devices are updated to the latest firmware that includes the fix. No workaround is available for unpatched devices.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- Samsung/mobile devices (source: description)
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
[1] security.samsungmobile.com/securityUpdate.smsb (mitre, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.