CVE-2022-33724: 
NixOS vulnerability analysis and mitigation

Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. This vulnerability was assigned CVE-2022-33724 and was disclosed on August 5, 2022. The vulnerability affects Samsung mobile devices running Android versions 10.0, 11.0, and 12.0 (NVD).

The vulnerability is classified as an information exposure issue, identified with CWE-319 (Cleartext Transmission of Sensitive Information) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability has been assigned a CVSS v3.1 Base Score of 3.3 LOW with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NVD).

The vulnerability allows local attackers to access the ICCID (Integrated Circuit Card Identifier) through log files. This exposure of sensitive information could potentially be used to track or identify the device's SIM card (NVD).

Samsung has addressed this vulnerability in the SMR Aug-2022 Release 1 security update. Users should update their devices to the latest available security patch to mitigate this vulnerability (Samsung Mobile).