doesn’t it read like Samsung didn’t publish mitigations for S8/S9?
For fixing CVE-2021-25444, Samsung “removed the option to add a custom IV from the API. To patch CVE-2021-25490, the tech giant removed the “legacy key blob implementation” in the latest models S10, S20, and S21, running Android P or later.
there are apparently updates for at least S9 - but samsungs sec page is not helpful in letting me search if the CVEs were adressed for which device, lost my search power then… fyi!