CVE-2018-21084: 
NixOS vulnerability analysis and mitigation

An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018) (NVD).

The vulnerability involves a race condition that leads to a read-after-free issue in the get_kek function. The vulnerability has been assigned a CVSS v3.1 Base Score of 8.1 HIGH with vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue is classified under two CWE categories: CWE-416 (Use After Free) and CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization) (NVD).

The vulnerability could potentially lead to high impacts on confidentiality, integrity, and availability of the affected systems. Given the CVSS score and vector, the vulnerability could allow remote attackers to execute code or access sensitive information without requiring user interaction, though the attack complexity is considered high (NVD).

The vulnerability affects Android versions 5.1, 6.0, and 7.x on Samsung mobile devices. Users should update their devices to newer versions of Android that are not affected by this vulnerability (NVD).