CVE-2018-21058: 
NixOS vulnerability analysis and mitigation

An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used instead of the Cryptography Extension (CE). This vulnerability was identified in September 2018 with Samsung ID SVE-2018-12761 (NVD).

The vulnerability stems from the implementation of AES-GCM in the Keymaster component using T-Tables rather than the hardware-based Cryptography Extension (CE). This implementation choice makes the system susceptible to cache-based side-channel attacks. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially allow attackers to extract cryptographic keys through cache timing attacks, compromising the security of encrypted data on affected devices. Given the CRITICAL CVSS score, successful exploitation could lead to complete compromise of confidentiality, integrity, and availability of the affected system (NVD).

Samsung has addressed this vulnerability through their security update process. Users of affected devices should ensure they have applied all available security updates from Samsung. The fix involves proper implementation of cryptographic operations using the Cryptography Extension instead of T-Tables (Samsung Mobile Security).