CVE-2022-33719: 
NixOS vulnerability analysis and mitigation

Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. This vulnerability is tracked as CVE-2022-33719 and was discovered in August 2022. The vulnerability affects Samsung mobile devices running Android versions 10.0, 11.0, and 12.0 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL by NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Samsung Mobile assigned it a slightly lower score of 8.6 HIGH with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L. The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound) and CWE-20 (Improper Input Validation) (NVD).

The vulnerability allows attackers to cause an integer overflow condition that leads to a heap overflow. This could potentially result in arbitrary code execution with elevated privileges, information disclosure, or denial of service (NVD).

Samsung has released patches as part of the August 2022 Security Maintenance Release (SMR). Users should update their devices to SMR Aug-2022 Release 1 or later to mitigate this vulnerability (Samsung Mobile Security).