CVE-2018-12037

Published: Nov 20, 2018Modified: Nov 21, 2024

4.0

Vector

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.4 / Impact: 3.6

Source: NVD

Description

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.

Affected (7)

Products: Samsung: 840 Evo Firmware, 850 Evo Firmware, T3 Firmware, T5 Firmware · Micron: Crucial Mx100 Firmware, Crucial Mx200 Firmware, Crucial Mx300 Firmware

4 products

3 products

Crucial Mx100 Firmware

Crucial Mx200 Firmware

Crucial Mx300 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung 840 Evo Firmware	All versions

Running on/with	Platform Versions
Samsung 840 Evo	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung 850 Evo Firmware	All versions

Running on/with	Platform Versions
Samsung 850 Evo	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung T3 Firmware	All versions

Running on/with	Platform Versions
Samsung T3	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung T5 Firmware	All versions

Running on/with	Platform Versions
Samsung T5	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Micron Crucial Mx100 Firmware	All versions

Running on/with	Platform Versions
Micron Crucial Mx100	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Micron Crucial Mx200 Firmware	All versions

Running on/with	Platform Versions
Micron Crucial Mx200	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Micron Crucial Mx300 Firmware	All versions

Running on/with	Platform Versions
Micron Crucial Mx300	All versions

References (6)

http://www.securityfocus.com/bid/105840

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028

Source: cve@mitre.org

PatchThird Party AdvisoryVendor Advisory

https://security.netapp.com/advisory/ntap-20181112-0001/

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/105840

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryVendor Advisory

https://security.netapp.com/advisory/ntap-20181112-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.