CVE-2018-21051: 
NixOS vulnerability analysis and mitigation

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The vulnerability was identified as CVE-2018-21051 with Samsung ID SVE-2018-12853 and was disclosed in October 2018 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 CRITICAL with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue involves an invalid free operation in the fingerprint Trustlet component, which can lead to arbitrary code execution. The vulnerability affects Samsung mobile devices running Android versions 7.x (Nougat) and 8.x (Oreo) specifically on Exynos chipsets (NVD).

The vulnerability allows attackers to execute arbitrary code on affected devices through the fingerprint Trustlet component. Given the CRITICAL severity rating and the maximum CVSS score for confidentiality, integrity, and availability impacts, successful exploitation could result in complete compromise of the affected system (NVD).

Samsung has addressed this vulnerability through their Security Maintenance Release (SMR) process. Users of affected devices should ensure they have installed all available security updates from Samsung to mitigate this vulnerability (Samsung Mobile Security).