CVE-2022-39886: 
NixOS vulnerability analysis and mitigation

Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 affects Android versions 10.0, 11.0, and 12.0. The vulnerability was discovered on July 21, 2022, and was assigned a CVSS v3.1 base score of 3.3 (LOW) by NIST and 5.9 (MEDIUM) by Samsung Mobile (Samsung Advisory).

The vulnerability exists in the RIL (Radio Interface Layer) component, specifically in the IpcRxServiceModeBigDataInfo functionality. It allows local attackers to access Device information due to improper access control mechanisms. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating local access, low attack complexity, low privileges required, no user interaction needed, unchanged scope, and low impact on confidentiality (NVD).

The primary impact of this vulnerability is unauthorized access to Device information. The vulnerability affects confidentiality with low severity, while having no direct impact on integrity or availability of the system (Samsung Advisory).

Samsung addressed this vulnerability in the November 2022 Security Maintenance Release (SMR) by adding proper access control in RIL to prevent unauthorized access. Users should update their devices to SMR Nov-2022 Release 1 or later to protect against this vulnerability (Samsung Advisory).