CVE-2022-39903: 
NixOS vulnerability analysis and mitigation

Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 affects select Samsung mobile devices running Android versions 10.0, 11.0, 12.0, and 13.0 that support RCS functionality. The vulnerability was reported privately on September 4, 2022 and was assigned CVE-2022-39903 (NVD, Samsung Mobile).

The vulnerability is classified as a moderate severity issue with a CVSS v3.1 base score of 3.3 (LOW) according to NVD and 4.0 (MEDIUM) according to Samsung Mobile. The vulnerability stems from improper access control mechanisms that could allow local attackers to access RCS incoming call numbers. The issue is tracked under CWE-863 (Incorrect Authorization) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

If exploited, the vulnerability allows local attackers to gain unauthorized access to RCS incoming call numbers, potentially compromising user privacy and exposing sensitive communication information (Samsung Mobile).

Samsung addressed this vulnerability in the December 2022 Security Maintenance Release (SMR Dec-2022 Release 1) by adding proper permission checks to prevent unauthorized access. Users should update their devices to the latest available security patch to protect against this vulnerability (Samsung Mobile).