CVE-2018-21079: 
NixOS vulnerability analysis and mitigation

A kernel pointer leak vulnerability was discovered in the USB gadget driver affecting Samsung mobile devices running Android versions L(5.x), M(6.0), N(7.x), and O(8.0). The vulnerability was identified with Samsung ID SVE-2017-10993 and was disclosed in March 2018 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high confidentiality impact without affecting integrity or availability (NVD).

The vulnerability allows unauthorized access to kernel pointer information, which could lead to information disclosure. The high confidentiality impact rating suggests that the leaked kernel pointer information could potentially be used by attackers to gather sensitive system information or assist in further exploitation (NVD).

Samsung has addressed this vulnerability through their security update process. Users of affected devices should ensure they have applied the relevant security patches provided by Samsung (Samsung Mobile Security).