CVE-2022-27836: 
NixOS vulnerability analysis and mitigation

Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allows unauthorized access to sensitive information. The vulnerability was discovered and disclosed in April 2022, affecting Samsung mobile devices running Android versions Q(10), R(11), S(12), and T(13) (NVD).

The vulnerability combines two security issues: improper access control (CWE-284) and path traversal (CWE-22). The vulnerability exists in the Storage Manager and Storage Manager Service components, potentially allowing attackers to traverse directory paths and access unauthorized storage areas (NVD CNA Status).

The vulnerability allows attackers to gain unauthorized access to sensitive information stored in the device's storage system. This could potentially expose private user data and system information to malicious actors (NVD).

The vulnerability was addressed in the Samsung Mobile Security Maintenance Release (SMR) Apr-2022 Release 1. Users should ensure their devices are updated to this version or later to protect against this vulnerability (NVD).