CVE-2020-11603: 
NixOS vulnerability analysis and mitigation

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software. Type confusion in the MLDAP Trustlet allows arbitrary code execution. The vulnerability was identified with Samsung ID SVE-2020-16599 and disclosed in April 2020 (Vendor Advisory).

The vulnerability is classified as a type confusion issue in the MLDAP (Mobile Lightweight Directory Access Protocol) Trustlet component. It has been assigned a CVSS v3.1 base score of 7.5 HIGH, indicating significant severity. The vulnerability is tracked as CWE-843 (Access of Resource Using Incompatible Type) (NVD).

The vulnerability allows attackers to execute arbitrary code on affected devices. Given the location of the vulnerability in the Trustlet component, which operates in a trusted execution environment, successful exploitation could lead to compromise of sensitive system components (NVD).

Samsung has released security patches to address this vulnerability as part of their April 2020 security maintenance release (SMR). Users are advised to update their devices to the latest available security patch level (Android News).