CVE-2020-11606: 
NixOS vulnerability analysis and mitigation

An issue was discovered on Samsung mobile devices with Q(10.0) software where information about application preview (in the Secure Folder) leaks on a locked device. The vulnerability was identified with Samsung ID SVE-2019-16463 and was disclosed in April 2020 (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 2.4 (LOW) with the vector string CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires physical access (AV:P), has low attack complexity (AC:L), requires no privileges (PR:N), needs no user interaction (UI:N), has unchanged scope (S:U), and can result in low confidentiality impact (C:L) with no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability allows an attacker with physical access to the device to view application preview information from the Secure Folder even when the device is locked. This represents a breach of confidentiality for potentially sensitive information stored in the Secure Folder (NVD).

Samsung has addressed this vulnerability through a security update. Users should ensure their devices are updated with the latest security patches (Samsung Mobile Security).