CVE-2019-19273: 
NixOS vulnerability analysis and mitigation

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The vulnerability was discovered in late 2019 and was assigned CVE-2019-19273 (Samsung ID: SVE-2019-16265). The issue affects Samsung Galaxy S8 and Note8 devices (CENSUS Labs).

The vulnerability exists in the RKP firmware's hvc command handler registered under identifier 0x9b. The bug allows writing a zero 64-bit value to arbitrary memory locations. The target address must be a virtual address mapped as writable in the RKP page tables. To exploit this vulnerability, code execution is required in the context of the EL1 kernel. The issue was verified on firmware versions 'avalanche RKP64_8339d1c0' and 'avalanche RKP64_a4d1f55c' (CENSUS Labs).

The vulnerability allows an attacker with kernel execution access to write zero values to arbitrary memory locations, potentially circumventing established security controls through the corruption of device memory (CENSUS Labs).

Samsung has addressed this vulnerability in the 'SMR February-2020 Release 1' security patches. Users are strongly recommended to apply the latest security updates offered by Samsung for their mobile devices (CENSUS Labs, Samsung Mobile).