An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105840 | Third Party Advisory VDB Entry |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028 | Patch Third Party Advisory Vendor Advisory |
https://security.netapp.com/advisory/ntap-20181112-0001/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-20T19:00:00
Updated: 2018-11-21T10:57:01
Reserved: 2018-06-07T00:00:00
Link: CVE-2018-12037
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-11-20T19:29:00.247
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-12037
JSON object: View
Redhat Information
No data.
CWE