CVE-2022-33700: 
NixOS vulnerability analysis and mitigation

Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. The vulnerability was discovered and disclosed in June 2022, affecting Android versions 10.0, 11.0, and 12.0 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 2.3 (LOW) with vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. Samsung Mobile assigned a slightly lower score of 2.0 (LOW) with vector string CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-668 (Exposure of Resource to Wrong Sphere) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The vulnerability allows local attackers to access sensitive IMSI (International Mobile Subscriber Identity) information through log files. This exposure of sensitive subscriber information could potentially be used for tracking or identifying the device user (NVD).

The vulnerability was addressed in Samsung's July 2022 Security Maintenance Release (SMR Jul-2022 Release 1). Users should update their devices to the latest available security patch to mitigate this vulnerability (Samsung Mobile Security).