CVE-2022-28781: 
NixOS vulnerability analysis and mitigation

Improper input validation vulnerability in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege (Samsung Mobile). The vulnerability, identified as CVE-2022-28781, has a CVSS v3.1 base score of 6.7 MEDIUM according to NVD, while Samsung Mobile rates it at 7.7 HIGH (NVD).

The vulnerability is characterized by improper input validation in the Settings application. The issue stems from insufficient validation of caller privileges, which could allow attackers to execute activities with elevated system privileges. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H according to NVD, while Samsung Mobile's assessment shows CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (NVD).

The vulnerability could allow attackers to execute activities with system privileges, potentially leading to unauthorized access to system resources and sensitive information. The high severity rating from Samsung Mobile indicates significant potential impact on system security (Samsung Mobile).

Samsung has addressed this vulnerability by adding proper validation logic to check the caller in the SMR-May-2022 Release 1 security update. Users are advised to update their devices to this version or later to mitigate the risk (Samsung Mobile).