CVE-2022-39912: 
NixOS vulnerability analysis and mitigation

CVE-2022-39912 is a security vulnerability discovered in the PersonaManagerService component of Android operating systems prior to Android T(13). The vulnerability was reported on March 2, 2022, and involves improper handling of insufficient permissions in the setSecureFolderPolicy functionality. This vulnerability affects Android systems before version 13 (Samsung Mobile Security).

The vulnerability is classified as a moderate severity issue with a CVSS v3.1 base score of 3.3 (LOW) according to NVD, while Samsung Mobile rates it with a score of 6.2 (MEDIUM). The vulnerability is categorized under CWE-755 (Improper Handling of Exceptional Conditions) by NIST and CWE-280 (Improper Handling of Insufficient Permissions or Privileges) by Samsung Mobile (NVD).

The vulnerability allows local attackers to set certain setting values in the Secure folder without proper authorization. This could potentially compromise the security boundaries of the Secure folder feature, which is designed to keep sensitive data protected (Samsung Mobile Security).

The vulnerability has been patched by adding proper permission controls for using the API in Android T(13). Users are advised to update their Android devices to version 13 or later to receive the security fix (Samsung Mobile Security).