CVE-2018-21059: 
NixOS vulnerability analysis and mitigation

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software that allows Clipboard content visibility in the locked state via the emergency contact picker. This vulnerability was identified with Samsung ID SVE-2018-11806 in September 2018 (NVD, Samsung Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 HIGH with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. It is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability affects multiple versions of Android operating system including versions 7.0, 7.1.0, 7.1.1, 7.1.2, 8.0, and 8.1 (NVD).

The vulnerability allows unauthorized access to clipboard content when the device is in a locked state, potentially exposing sensitive information that may have been copied to the clipboard. This creates a security risk where sensitive data could be accessed through the emergency contact picker interface without proper authentication (NVD).

Samsung has addressed this vulnerability through their security update process. Users should ensure their devices are updated with the latest security patches to mitigate this issue (Samsung Advisory).