Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by micron
VAR-201811-0024
Vulnerability from variot - Updated: 2023-12-18 12:56An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data. ATA Security mode and TCG OPAL There are multiple vulnerabilities in the self-encrypting drive product that implements the standard, which could allow the attacker to decrypt the contents of the encrypted drive. This makes it possible to decrypt data without knowing the user-set password. CVE-2018-12038 Information about the data encryption key is recorded in a storage area with a wear leveling function. On devices with wear leveling, when data is updated, the data is written to a physically different location, so the original data may not be completely deleted. Self-Encrypting Drives are prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. The Micron Crucial MX100, MX200, and MX300 are all silver disk drives from Micron. Samsung T3 and so on are all hard disk drives of South Korea's Samsung (Samsung) company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0024",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crucial mx200",
"scope": "eq",
"trust": 1.6,
"vendor": "micron",
"version": null
},
{
"model": "crucial mx100",
"scope": "eq",
"trust": 1.6,
"vendor": "micron",
"version": null
},
{
"model": "crucial mx300",
"scope": "eq",
"trust": 1.6,
"vendor": "micron",
"version": null
},
{
"model": "840 evo",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": "t3",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": "t5",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": "850 evo",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "micron",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung semiconductor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sandisk",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "western digital",
"version": null
},
{
"model": "crucial mx100 drive",
"scope": "eq",
"trust": 0.8,
"vendor": "micron",
"version": "(cve-2018-12037)"
},
{
"model": "crucial mx200 drive",
"scope": "eq",
"trust": 0.8,
"vendor": "micron",
"version": "(cve-2018-12037)"
},
{
"model": "crucial mx300 drive",
"scope": "eq",
"trust": 0.8,
"vendor": "micron",
"version": "(cve-2018-12037)"
},
{
"model": "840 evo drive",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "(cve-2018-12037)(cve-2018-12038)"
},
{
"model": "850 evo drive",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "(ata high it is affected in the case of mode. tcg mode or ata max the mode is not affected. )(cve-2018-12037)"
},
{
"model": "portable drive",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "t3 (cve-2018-12037)"
},
{
"model": "portable drive",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "t5 (cve-2018-12037)"
},
{
"model": "t5 portable drives",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "t3 portable drives",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "0"
},
{
"model": "evo drive",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "8500"
},
{
"model": "evo drives",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "8400"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20190"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "18030"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "17090"
},
{
"model": "windows rt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.1"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018090"
},
{
"model": "windows version for arm64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018090"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018090"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "windows version for arm64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "windows version for arm64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "mx300 drive",
"scope": "eq",
"trust": 0.3,
"vendor": "micron",
"version": "0"
},
{
"model": "mx200 drive",
"scope": "eq",
"trust": 0.3,
"vendor": "micron",
"version": "0"
},
{
"model": "mx100 drive",
"scope": "eq",
"trust": 0.3,
"vendor": "micron",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "BID",
"id": "105840"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12037"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:840_evo_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:840_evo:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:850_evo_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:850_evo:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:t3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:t3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:t5_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:t5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:micron:crucial_mx100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:micron:crucial_mx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:micron:crucial_mx200_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:micron:crucial_mx200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:micron:crucial_mx300_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:micron:crucial_mx300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12037"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carlo Meijer and Bernard van Gastel from the Dutch Radboud University",
"sources": [
{
"db": "BID",
"id": "105840"
}
],
"trust": 0.3
},
"cve": "CVE-2018-12037",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "None",
"baseScore": 6.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-009133",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-121956",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.4,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-009133",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12037",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-009133",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-169",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-121956",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121956"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12037"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in \"ATA high\" mode, not vulnerable in \"TCG\" or \"ATA max\" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data. ATA Security mode and TCG OPAL There are multiple vulnerabilities in the self-encrypting drive product that implements the standard, which could allow the attacker to decrypt the contents of the encrypted drive. This makes it possible to decrypt data without knowing the user-set password. CVE-2018-12038 Information about the data encryption key is recorded in a storage area with a wear leveling function. On devices with wear leveling, when data is updated, the data is written to a physically different location, so the original data may not be completely deleted. Self-Encrypting Drives are prone to a local security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. The Micron Crucial MX100, MX200, and MX300 are all silver disk drives from Micron. Samsung T3 and so on are all hard disk drives of South Korea\u0027s Samsung (Samsung) company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12037"
},
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "BID",
"id": "105840"
},
{
"db": "VULHUB",
"id": "VHN-121956"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12037",
"trust": 2.8
},
{
"db": "BID",
"id": "105840",
"trust": 2.0
},
{
"db": "CERT/CC",
"id": "VU#395981",
"trust": 1.9
},
{
"db": "LENOVO",
"id": "LEN-25256",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU90149383",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-169",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-121956",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "VULHUB",
"id": "VHN-121956"
},
{
"db": "BID",
"id": "105840"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12037"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
]
},
"id": "VAR-201811-0024",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-121956"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:06.030000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSD Support",
"trust": 0.8,
"url": "http://www.crucial.com/usa/en/support-ssd-firmware"
},
{
"title": "BitLocker Group Policy Settings",
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings"
},
{
"title": "Consumer Notice regarding Samsung SSDs",
"trust": 0.8,
"url": "https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/"
},
{
"title": "Micron Crucial MX100 a variety of products and Samsung T3 Various product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121956"
},
{
"db": "NVD",
"id": "CVE-2018-12037"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180028"
},
{
"trust": 2.4,
"url": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd"
},
{
"trust": 2.2,
"url": "https://support.lenovo.com/us/en/product_security/len-25256"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105840"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
},
{
"trust": 1.6,
"url": "https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/"
},
{
"trust": 1.6,
"url": "https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/ncsc-2018-0984+1.00+meerdere+kwetsbaarheden+ontdekt+in+implementaties+self-encrypting+drives.html"
},
{
"trust": 0.8,
"url": "https://www.ru.nl/publish/pages/909282/draft-paper.pdf"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj679890(v=ws.11)#configure-use-of-hardware-based-encryption-for-fixed-data-drives"
},
{
"trust": 0.8,
"url": "https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/"
},
{
"trust": 0.8,
"url": "https://www.crucial.com/usa/en/support-ssd-firmware/"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdefxd"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdeosd"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hderdd"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12037"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12038"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90149383/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12037"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12038"
},
{
"trust": 0.8,
"url": "https://kb.cert.org/vuls/id/395981/"
},
{
"trust": 0.3,
"url": "http://www.crucial.com"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
},
{
"trust": 0.3,
"url": "https://www.ru.nl/publish/pages/909275/draft-paper_1.pdf"
},
{
"trust": 0.3,
"url": "https://www.kb.cert.org/vuls/id/395981/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "VULHUB",
"id": "VHN-121956"
},
{
"db": "BID",
"id": "105840"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12037"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "VULHUB",
"id": "VHN-121956"
},
{
"db": "BID",
"id": "105840"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12037"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-06T00:00:00",
"db": "CERT/CC",
"id": "VU#395981"
},
{
"date": "2018-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-121956"
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105840"
},
{
"date": "2018-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"date": "2018-11-20T19:29:00.247000",
"db": "NVD",
"id": "CVE-2018-12037"
},
{
"date": "2018-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-14T00:00:00",
"db": "CERT/CC",
"id": "VU#395981"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-121956"
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105840"
},
{
"date": "2019-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-12037"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105840"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Self-encrypting hard drives do not adequately protect data",
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-169"
}
],
"trust": 0.6
}
}
VAR-201811-0025
Vulnerability from variot - Updated: 2023-12-18 12:56An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. ATA Security mode and TCG OPAL There are multiple vulnerabilities in the self-encrypting drive product that implements the standard, which could allow the attacker to decrypt the contents of the encrypted drive. CVE-2018-12037 There is no cryptographic association between the password set by the user and the encryption key used for data encryption. This makes it possible to decrypt data without knowing the user-set password. CVE-2018-12038 Information about the data encryption key is recorded in a storage area with a wear leveling function. On devices with wear leveling, when data is updated, the data is written to a physically different location, so the original data may not be completely deleted. As a result, even after updating the data encryption key with a new password, there is a possibility of accessing the previous data encryption key that is not protected or protected with an old password.An attacker with physical access to a product affected by this vulnerability could decrypt the encrypted data. Self-Encrypting Drives are prone to a local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Samsung 840 EVO is a hard disk drive made by South Korea's Samsung (Samsung). , which may result in writing to different physical areas. An attacker in physical proximity could exploit this vulnerability to obtain passwords
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0025",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "840 evo",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "micron",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung semiconductor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sandisk",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "western digital",
"version": null
},
{
"model": "crucial mx100 drive",
"scope": "eq",
"trust": 0.8,
"vendor": "micron",
"version": "(cve-2018-12037)"
},
{
"model": "crucial mx200 drive",
"scope": "eq",
"trust": 0.8,
"vendor": "micron",
"version": "(cve-2018-12037)"
},
{
"model": "crucial mx300 drive",
"scope": "eq",
"trust": 0.8,
"vendor": "micron",
"version": "(cve-2018-12037)"
},
{
"model": "840 evo drive",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "(cve-2018-12037)(cve-2018-12038)"
},
{
"model": "850 evo drive",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "(ata high it is affected in the case of mode. tcg mode or ata max the mode is not affected. )(cve-2018-12037)"
},
{
"model": "portable drive",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "t3 (cve-2018-12037)"
},
{
"model": "portable drive",
"scope": "eq",
"trust": 0.8,
"vendor": "samsung",
"version": "t5 (cve-2018-12037)"
},
{
"model": "evo drives",
"scope": "eq",
"trust": 0.3,
"vendor": "samsung",
"version": "8400"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20190"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20160"
},
{
"model": "windows server r2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20120"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "18030"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "17090"
},
{
"model": "windows rt",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.1"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "8.10"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018090"
},
{
"model": "windows version for arm64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018090"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018090"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "windows version for arm64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1018030"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "windows version for arm64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017090"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1017030"
},
{
"model": "windows version for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows version for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1016070"
},
{
"model": "windows for x64-based systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
},
{
"model": "windows for 32-bit systems",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "100"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "BID",
"id": "105841"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12038"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:840_evo_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:840_evo:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12038"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carlo Meijer and Bernard van Gastel from the Dutch Radboud University",
"sources": [
{
"db": "BID",
"id": "105841"
}
],
"trust": 0.3
},
"cve": "CVE-2018-12038",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "JPCERT/CC",
"availabilityImpact": "None",
"baseScore": 6.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2018-009133",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-121957",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "JPCERT/CC",
"availabilityImpact": "High",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-009133",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12038",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "JPCERT/CC",
"id": "JVNDB-2018-009133",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-170",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-121957",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121957"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12038"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key. ATA Security mode and TCG OPAL There are multiple vulnerabilities in the self-encrypting drive product that implements the standard, which could allow the attacker to decrypt the contents of the encrypted drive. CVE-2018-12037 There is no cryptographic association between the password set by the user and the encryption key used for data encryption. This makes it possible to decrypt data without knowing the user-set password. CVE-2018-12038 Information about the data encryption key is recorded in a storage area with a wear leveling function. On devices with wear leveling, when data is updated, the data is written to a physically different location, so the original data may not be completely deleted. As a result, even after updating the data encryption key with a new password, there is a possibility of accessing the previous data encryption key that is not protected or protected with an old password.An attacker with physical access to a product affected by this vulnerability could decrypt the encrypted data. Self-Encrypting Drives are prone to a local security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Samsung 840 EVO is a hard disk drive made by South Korea\u0027s Samsung (Samsung). , which may result in writing to different physical areas. An attacker in physical proximity could exploit this vulnerability to obtain passwords",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12038"
},
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "BID",
"id": "105841"
},
{
"db": "VULHUB",
"id": "VHN-121957"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#395981",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2018-12038",
"trust": 2.8
},
{
"db": "BID",
"id": "105841",
"trust": 2.0
},
{
"db": "LENOVO",
"id": "LEN-25256",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU90149383",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201811-170",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-121957",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "VULHUB",
"id": "VHN-121957"
},
{
"db": "BID",
"id": "105841"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12038"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
]
},
"id": "VAR-201811-0025",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-121957"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:05.994000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSD Support",
"trust": 0.8,
"url": "http://www.crucial.com/usa/en/support-ssd-firmware"
},
{
"title": "BitLocker Group Policy Settings",
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings"
},
{
"title": "Consumer Notice regarding Samsung SSDs",
"trust": 0.8,
"url": "https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/"
},
{
"title": "Samsung Self-Encrypting Drives Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86643"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-320",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121957"
},
{
"db": "NVD",
"id": "CVE-2018-12038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180028"
},
{
"trust": 2.4,
"url": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd"
},
{
"trust": 2.2,
"url": "https://support.lenovo.com/us/en/product_security/len-25256"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105841"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/395981"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20181112-0001/"
},
{
"trust": 1.6,
"url": "https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/"
},
{
"trust": 1.6,
"url": "https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/ncsc-2018-0984+1.00+meerdere+kwetsbaarheden+ontdekt+in+implementaties+self-encrypting+drives.html"
},
{
"trust": 0.8,
"url": "https://www.ru.nl/publish/pages/909282/draft-paper.pdf"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj679890(v=ws.11)#configure-use-of-hardware-based-encryption-for-fixed-data-drives"
},
{
"trust": 0.8,
"url": "https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/"
},
{
"trust": 0.8,
"url": "https://www.crucial.com/usa/en/support-ssd-firmware/"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdefxd"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdeosd"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hderdd"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12037"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12038"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90149383/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12037"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12038"
},
{
"trust": 0.8,
"url": "https://kb.cert.org/vuls/id/395981/"
},
{
"trust": 0.3,
"url": "http://www.crucial.com"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
},
{
"trust": 0.3,
"url": "https://www.ru.nl/publish/pages/909275/draft-paper_1.pdf"
},
{
"trust": 0.3,
"url": "https://www.kb.cert.org/vuls/id/395981/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "VULHUB",
"id": "VHN-121957"
},
{
"db": "BID",
"id": "105841"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12038"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "VULHUB",
"id": "VHN-121957"
},
{
"db": "BID",
"id": "105841"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"db": "NVD",
"id": "CVE-2018-12038"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-06T00:00:00",
"db": "CERT/CC",
"id": "VU#395981"
},
{
"date": "2018-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-121957"
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105841"
},
{
"date": "2018-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"date": "2018-11-20T19:29:00.353000",
"db": "NVD",
"id": "CVE-2018-12038"
},
{
"date": "2018-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-14T00:00:00",
"db": "CERT/CC",
"id": "VU#395981"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-121957"
},
{
"date": "2018-11-06T00:00:00",
"db": "BID",
"id": "105841"
},
{
"date": "2019-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009133"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-12038"
},
{
"date": "2020-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105841"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Self-encrypting hard drives do not adequately protect data",
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-170"
}
],
"trust": 0.6
}
}
VAR-201906-1091
Vulnerability from variot - Updated: 2023-12-18 12:56There are multiple vulnerabilities in implementations of ATA Security or TCG Opal Standards in Self-Encrypting Disks (SEDs), which can allow an attacker to decrypt contents of an encrypted drive. Marvell SSD Controller Contains vulnerabilities related to security features.Information may be tampered with. Marvell SSD Controller 88SS1074 is a solid-state hard drive controller from Marvell. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-1091",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "88ss9174",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss9189",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1085",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1095",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss9175",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1087",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1079",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1092",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1084",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1098",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss9187",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss9190",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1088",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1093",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1100",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1090",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1080",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1074",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": "88ss9188",
"scope": "eq",
"trust": 1.0,
"vendor": "marvell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "micron",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "samsung semiconductor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sandisk",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "western digital",
"version": null
},
{
"model": "88ss1074",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1079",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1080",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1092",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1093",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
},
{
"model": "88ss1095",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
},
{
"model": "88ss9174",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
},
{
"model": "88ss9175",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
},
{
"model": "88ss9187",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
},
{
"model": "88ss9188",
"scope": null,
"trust": 0.8,
"vendor": "marvell",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005130"
},
{
"db": "NVD",
"id": "CVE-2019-10636"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1074_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1074:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1079_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1079:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1080_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1080:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1093_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1093:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1092_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1092:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1095_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1095:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss9174_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss9174:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss9175_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss9175:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss9187_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss9187:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss9188_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss9188:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss9189_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss9189:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss9190_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss9190:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1085_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1085:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1087_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1087:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1090_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1090:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1084_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1084:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1088_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1088:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:marvell:88ss1098_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:marvell:88ss1098:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10636"
}
]
},
"cve": "CVE-2019-10636",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10636",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-142202",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10636",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10636",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-064",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-142202",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005130"
},
{
"db": "NVD",
"id": "CVE-2019-10636"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-064"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "There are multiple vulnerabilities in implementations of ATA Security or TCG Opal Standards in Self-Encrypting Disks (SEDs), which can allow an attacker to decrypt contents of an encrypted drive. Marvell SSD Controller Contains vulnerabilities related to security features.Information may be tampered with. Marvell SSD Controller 88SS1074 is a solid-state hard drive controller from Marvell. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products",
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005130"
},
{
"db": "VULHUB",
"id": "VHN-142202"
}
],
"trust": 1.53
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10636",
"trust": 2.5
},
{
"db": "LENOVO",
"id": "LEN-25256",
"trust": 1.4
},
{
"db": "CERT/CC",
"id": "VU#395981",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005130",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-064",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142202",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "VULHUB",
"id": "VHN-142202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005130"
},
{
"db": "NVD",
"id": "CVE-2019-10636"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-064"
}
]
},
"id": "VAR-201906-1091",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142202"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:05.939000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory",
"trust": 0.8,
"url": "https://www.marvell.com/documents/x9g4hrszt5ls3udbe1eo/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005130"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005130"
},
{
"db": "NVD",
"id": "CVE-2019-10636"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd"
},
{
"trust": 2.2,
"url": "https://support.lenovo.com/us/en/product_security/len-25256"
},
{
"trust": 1.7,
"url": "https://www.marvell.com/documents/x9g4hrszt5ls3udbe1eo/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10636"
},
{
"trust": 0.8,
"url": "https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/"
},
{
"trust": 0.8,
"url": "https://www.ru.nl/publish/pages/909282/draft-paper.pdf"
},
{
"trust": 0.8,
"url": "https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/ncsc-2018-0984+1.00+meerdere+kwetsbaarheden+ontdekt+in+implementaties+self-encrypting+drives.html"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180028"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj679890(v=ws.11)#configure-use-of-hardware-based-encryption-for-fixed-data-drives"
},
{
"trust": 0.8,
"url": "https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/"
},
{
"trust": 0.8,
"url": "https://www.crucial.com/usa/en/support-ssd-firmware/"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdefxd"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdeosd"
},
{
"trust": 0.8,
"url": "https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hderdd"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10636"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "VULHUB",
"id": "VHN-142202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005130"
},
{
"db": "NVD",
"id": "CVE-2019-10636"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-064"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#395981"
},
{
"db": "VULHUB",
"id": "VHN-142202"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005130"
},
{
"db": "NVD",
"id": "CVE-2019-10636"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-064"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-06T00:00:00",
"db": "CERT/CC",
"id": "VU#395981"
},
{
"date": "2019-06-04T00:00:00",
"db": "VULHUB",
"id": "VHN-142202"
},
{
"date": "2019-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005130"
},
{
"date": "2019-06-04T21:29:00.733000",
"db": "NVD",
"id": "CVE-2019-10636"
},
{
"date": "2019-06-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-064"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-14T00:00:00",
"db": "CERT/CC",
"id": "VU#395981"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-142202"
},
{
"date": "2019-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005130"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-10636"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-064"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Self-encrypting hard drives do not adequately protect data",
"sources": [
{
"db": "CERT/CC",
"id": "VU#395981"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-064"
}
],
"trust": 0.6
}
}
CVE-2021-41285 (GCVE-0-2021-41285)
Vulnerability from nvd – Published: 2021-10-04 05:50 – Updated: 2024-08-04 03:08
VLAI
Summary
Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/VoidSec/Exploit-Development/bl… | x_refsource_MISC |
| https://voidsec.com/crucial-mod-utility-lpe-cve-2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x64/kernel/crucial_Ballistix_MOD_Utility_v.2.0.2.5/crucial_Ballistix_MOD_Utility_v.2.0.2.5_memory_dump_PoC.cpp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\\SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T05:50:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x64/kernel/crucial_Ballistix_MOD_Utility_v.2.0.2.5/crucial_Ballistix_MOD_Utility_v.2.0.2.5_memory_dump_PoC.cpp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\\SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x64/kernel/crucial_Ballistix_MOD_Utility_v.2.0.2.5/crucial_Ballistix_MOD_Utility_v.2.0.2.5_memory_dump_PoC.cpp",
"refsource": "MISC",
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x64/kernel/crucial_Ballistix_MOD_Utility_v.2.0.2.5/crucial_Ballistix_MOD_Utility_v.2.0.2.5_memory_dump_PoC.cpp"
},
{
"name": "https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285/",
"refsource": "MISC",
"url": "https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41285",
"datePublished": "2021-10-04T05:50:39.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:31.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10255 (GCVE-0-2020-10255)
Vulnerability from nvd – Published: 2020-03-10 15:59 – Updated: 2024-08-04 10:58
VLAI
Summary
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://download.vusec.net/papers/trrespass_sp20.pdf | x_refsource_MISC |
| https://www.vusec.net/projects/trrespass/ | x_refsource_MISC |
| https://github.com/vusec/trrespass | x_refsource_MISC |
| https://twitter.com/vu5ec/status/1237399112590467072 | x_refsource_MISC |
| https://twitter.com/antumbral/status/123742595940… | x_refsource_MISC |
| https://thehackernews.com/2020/03/rowhammer-vulne… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.vusec.net/papers/trrespass_sp20.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vusec.net/projects/trrespass/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vusec/trrespass"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/vu5ec/status/1237399112590467072"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/antumbral/status/1237425959407513600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T13:43:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.vusec.net/papers/trrespass_sp20.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vusec.net/projects/trrespass/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vusec/trrespass"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/vu5ec/status/1237399112590467072"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/antumbral/status/1237425959407513600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.vusec.net/papers/trrespass_sp20.pdf",
"refsource": "MISC",
"url": "https://download.vusec.net/papers/trrespass_sp20.pdf"
},
{
"name": "https://www.vusec.net/projects/trrespass/",
"refsource": "MISC",
"url": "https://www.vusec.net/projects/trrespass/"
},
{
"name": "https://github.com/vusec/trrespass",
"refsource": "MISC",
"url": "https://github.com/vusec/trrespass"
},
{
"name": "https://twitter.com/vu5ec/status/1237399112590467072",
"refsource": "MISC",
"url": "https://twitter.com/vu5ec/status/1237399112590467072"
},
{
"name": "https://twitter.com/antumbral/status/1237425959407513600",
"refsource": "MISC",
"url": "https://twitter.com/antumbral/status/1237425959407513600"
},
{
"name": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html",
"refsource": "MISC",
"url": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10255",
"datePublished": "2020-03-10T15:59:59.000Z",
"dateReserved": "2020-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:58:40.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41285 (GCVE-0-2021-41285)
Vulnerability from cvelistv5 – Published: 2021-10-04 05:50 – Updated: 2024-08-04 03:08
VLAI
Summary
Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/VoidSec/Exploit-Development/bl… | x_refsource_MISC |
| https://voidsec.com/crucial-mod-utility-lpe-cve-2… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x64/kernel/crucial_Ballistix_MOD_Utility_v.2.0.2.5/crucial_Ballistix_MOD_Utility_v.2.0.2.5_memory_dump_PoC.cpp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\\SYSTEM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T05:50:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x64/kernel/crucial_Ballistix_MOD_Utility_v.2.0.2.5/crucial_Ballistix_MOD_Utility_v.2.0.2.5_memory_dump_PoC.cpp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\\SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x64/kernel/crucial_Ballistix_MOD_Utility_v.2.0.2.5/crucial_Ballistix_MOD_Utility_v.2.0.2.5_memory_dump_PoC.cpp",
"refsource": "MISC",
"url": "https://github.com/VoidSec/Exploit-Development/blob/master/windows/x64/kernel/crucial_Ballistix_MOD_Utility_v.2.0.2.5/crucial_Ballistix_MOD_Utility_v.2.0.2.5_memory_dump_PoC.cpp"
},
{
"name": "https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285/",
"refsource": "MISC",
"url": "https://voidsec.com/crucial-mod-utility-lpe-cve-2021-41285/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41285",
"datePublished": "2021-10-04T05:50:39.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:31.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10255 (GCVE-0-2020-10255)
Vulnerability from cvelistv5 – Published: 2020-03-10 15:59 – Updated: 2024-08-04 10:58
VLAI
Summary
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://download.vusec.net/papers/trrespass_sp20.pdf | x_refsource_MISC |
| https://www.vusec.net/projects/trrespass/ | x_refsource_MISC |
| https://github.com/vusec/trrespass | x_refsource_MISC |
| https://twitter.com/vu5ec/status/1237399112590467072 | x_refsource_MISC |
| https://twitter.com/antumbral/status/123742595940… | x_refsource_MISC |
| https://thehackernews.com/2020/03/rowhammer-vulne… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.vusec.net/papers/trrespass_sp20.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vusec.net/projects/trrespass/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vusec/trrespass"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/vu5ec/status/1237399112590467072"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/antumbral/status/1237425959407513600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T13:43:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.vusec.net/papers/trrespass_sp20.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vusec.net/projects/trrespass/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vusec/trrespass"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/vu5ec/status/1237399112590467072"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/antumbral/status/1237425959407513600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.vusec.net/papers/trrespass_sp20.pdf",
"refsource": "MISC",
"url": "https://download.vusec.net/papers/trrespass_sp20.pdf"
},
{
"name": "https://www.vusec.net/projects/trrespass/",
"refsource": "MISC",
"url": "https://www.vusec.net/projects/trrespass/"
},
{
"name": "https://github.com/vusec/trrespass",
"refsource": "MISC",
"url": "https://github.com/vusec/trrespass"
},
{
"name": "https://twitter.com/vu5ec/status/1237399112590467072",
"refsource": "MISC",
"url": "https://twitter.com/vu5ec/status/1237399112590467072"
},
{
"name": "https://twitter.com/antumbral/status/1237425959407513600",
"refsource": "MISC",
"url": "https://twitter.com/antumbral/status/1237425959407513600"
},
{
"name": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html",
"refsource": "MISC",
"url": "https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10255",
"datePublished": "2020-03-10T15:59:59.000Z",
"dateReserved": "2020-03-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:58:40.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}