CVE-2022-30715: 
NixOS vulnerability analysis and mitigation

Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. The vulnerability was assigned CVE-2022-30715 and was discovered in June 2022. The vulnerability affects Android devices running versions 10.0, 11.0, and 12.0 (NVD).

The vulnerability has been classified as an improper access control issue (CWE-284). It received a CVSS v3.1 base score of 5.3 (Medium) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, while Samsung Mobile assessed it as 4.0 (Medium) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD).

The vulnerability allows attackers to gain unauthorized control over the floating system alert window functionality. This could potentially enable malicious actors to manipulate system alerts and interfere with the user interface (Samsung Mobile).

Samsung addressed this vulnerability in their June 2022 Security Maintenance Release (SMR). Users should update their devices to SMR Jun-2022 Release 1 or later to receive the security patch that implements proper access control logic (Samsung Mobile).