CVE-2020-35551

CRITICAL

Samsung O(8.x)-Q(10.0) Exynos - Info Disclosure

Title source: llm

Description

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).

References (1)

[Vendor Advisory] https://security.samsungmobile.com/securityUpdate.smsb

Scores

CVSS v3 9.8

EPSS 0.0013

EPSS Percentile 32.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-294

Status published

Products (4)

google/android 8.0

google/android 8.1

google/android 9.0

google/android 10.0

Published Dec 18, 2020

Tracked Since Feb 18, 2026