CVE-2022-39905: 
NixOS vulnerability analysis and mitigation

Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent (Samsung Advisory). The vulnerability, tracked as CVE-2022-39905, affects Android versions 10, 11, 12, and 13. It was reported privately on September 15, 2022 and was assigned a CVSS v3.1 base score of 4.0 (MEDIUM) (NVD).

The vulnerability exists in the Telecom application and is related to improper handling of implicit intents, which could allow unauthorized access to sensitive information. The issue was given a CVSS v3.1 Vector of CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating local access is required, low attack complexity, no privileges needed, and no user interaction required (NVD).

The vulnerability allows attackers to access sensitive information through exploitation of implicit intents in the Telecom application (Samsung Advisory). The impact is limited to confidentiality with no effect on integrity or availability.

Samsung has addressed this vulnerability by adding proper permission in the Telecom application to prevent unauthorized access. The fix was included in the Samsung Mobile Security Maintenance Release (SMR) for December 2022 Release 1 (Samsung Advisory).