CVE-2021-25388: 
NixOS vulnerability analysis and mitigation

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary apps. The vulnerability, tracked as CVE-2021-25388, was discovered in Samsung's Knox Core system and was reported by security researcher Sergey Toshin (Oversecured Blog, Samsung Mobile).

The vulnerability exists in the exported service com.samsung.android.knox.containercore.provisioning.DualDARInitService of Knox Core. An attacker could pass an arbitrary URI via the dualdar-config-client-location parameter, which would be copied to a world-readable location at /sdcard/Android/data/com.samsung.android.knox.containercore/files/clientdownloadedknox_app.apk. After the file is copied, the app installation process would be launched, allowing for the installation of arbitrary applications (Oversecured Blog).

The vulnerability could allow attackers to install arbitrary applications on affected Samsung devices, potentially leading to device-wide theft of arbitrary files. This could result in unauthorized access to sensitive data and potential compromise of device security (Hacker News).

Samsung addressed this vulnerability in the Security Maintenance Release (SMR) MAY-2021 Release 1. Users are recommended to update their devices to the latest firmware version to protect against this vulnerability (Samsung Mobile).