CVE-2020-8860: 
NixOS vulnerability analysis and mitigation

CVE-2020-8860 is a remote code execution vulnerability affecting Samsung Galaxy S10 Firmware G973FXXS3ASJA devices with Exynos chipsets running Android versions 8.x, 9.0, and 10.0. The vulnerability was discovered in 2020 and requires user interaction in the form of answering a phone call to be exploited (ZDI Advisory).

The vulnerability exists within the Call Control Setup messages and stems from improper validation of user-supplied data length before copying it to a fixed-length, stack-based buffer. The vulnerability has been assigned a CVSS v3.1 base score of 8.0 HIGH (CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) by NVD, while Zero Day Initiative rated it at 7.1 HIGH (CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the baseband processor on affected Samsung Galaxy S10 devices. The high severity rating indicates potential for significant impact on device security (ZDI Advisory).

Samsung has released a security update to address this vulnerability. Users of affected devices should ensure they have installed the latest security patches available through Samsung's security update system (Samsung Security).